1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 E. H. and C.S., Case No. 23-cv-04784-WHO
8 Plaintiffs, ORDER ON MOTION TO DISMISS v. 9 Re: Dkt. No. 34 10 META PLATFORMS, INC., Defendant. 11
12 This case is one of many pending in this District and around the country against defendant 13 Meta Platforms, Inc. (“Meta”) over the use of its “pixel” tracking technology. According to 14 plaintiffs here and in the other cases, Meta encourages operators of websites and applications 15 (“apps”) to install its pixel technology and then, unbeknownst to users of those websites and apps 16 (here Cerebral, an online mental telehealth provider, Compl. ¶ 36), the users’ sensitive healthcare 17 information is transmitted to Meta. Here, named plaintiffs E.H. and C.S. are residents of 18 Oklahoma and Massachusetts respectively and do not have Facebook accounts. Yet they allege 19 their data was intercepted and transmitted to Meta. See Compl. ¶¶ 7, 11, 12. 20 Meta acknowledges my prior Orders in In Re Meta Healthcare Pixel Litigation: while 21 preserving its arguments, it does not challenge in the motion to dismiss in this case plaintiffs’ 22 Federal Wiretap Act,1 CIPA,2 and unjust enrichment claims. Instead, it challenges plaintiffs’ 23 claims for: invasion of privacy; violation of California’s Unfair Competition Law (“UCL,” Cal. 24 Bus. & Prof. Code § 17200 et seq.); violation of California’s Consumers Legal Remedies Act 25 26 1 18 U.S.C. §§ 2510, et seq. 27 1 (“CLRA,” Cal. Civ. Code § 1750 et seq.); and conversion.3 Its motion to dismiss is DENIED. 2 LEGAL STANDARD 3 Under FRCP 12(b)(6), a district court must dismiss a complaint if it fails to state a claim 4 upon which relief can be granted. To survive a Rule 12(b)(6) motion to dismiss, the plaintiff must 5 allege “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. 6 Twombly, 550 U.S. 544, 570 (2007). A claim is facially plausible when the plaintiff pleads facts 7 that “allow the court to draw the reasonable inference that the defendant is liable for the 8 misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (citation omitted). There must 9 be “more than a sheer possibility that a defendant has acted unlawfully.” Id. While courts do not 10 require “heightened fact pleading of specifics,” a plaintiff must allege facts sufficient to “raise a 11 right to relief above the speculative level.” Twombly, 550 U.S. at 555, 570. 12 In deciding whether the plaintiff has stated a claim upon which relief can be granted, the 13 court accepts the plaintiff’s allegations as true and draws all reasonable inferences in favor of the 14 plaintiff. See Usher v. City of Los Angeles, 828 F.2d 556, 561 (9th Cir. 1987). However, 15 the court is not required to accept as true “allegations that are merely conclusory, unwarranted 16 deductions of fact, or unreasonable inferences.” In re Gilead Scis. Sec. Litig., 536 F.3d 1049, 17 1055 (9th Cir. 2008). If the court dismisses the complaint, it “should grant leave to amend even if 18 no request to amend the pleading was made, unless it determines that the pleading could not 19 possibly be cured by the allegation of other facts.” Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir. 20 2000). In making this determination, the court should consider factors such as “the presence or 21 absence of undue delay, bad faith, dilatory motive, repeated failure to cure deficiencies by 22 previous amendments, undue prejudice to the opposing party and futility of the proposed 23 amendment.” Moore v. Kayport Package Express, 885 F.2d 531, 538 (9th Cir. 1989). 24 3 Meta asks me to take judicial notice of its Business Tools Terms and its Commercial Terms, 25 because these documents are “available on publicly available websites” and under the doctrine of incorporation because “plaintiffs’ complaint depends on the contents of the documents.” Dkt. No. 26 34-1 at 1. The request is DENIED. It is not appropriate to take judicial notice of documents for the purpose Meta seeks (to consider the contents and meaning of those documents) merely because 27 they are available online. The passing reference in one paragraph of the Complaint out of 200 to 1 DISCUSSION 2 I. PRIVACY CLAIMS 3 Meta argues that plaintiffs’ invasion of privacy claims based on the California constitution 4 and common law intrusion on seclusion fail because these plaintiffs do not identify any specific, 5 sensitive information that they believe Meta received about them. I accept plaintiffs’ allegations 6 in the Complaint as true and disagree with Meta. 7 In the Complaint, plaintiffs allege that they provided specific categories of information to 8 Cerebral, a mental telehealth provider. As part of creating an account on Cerebral to receive 9 mental health services, plaintiffs disclosed personally identifying information, as well as responses 10 to questions regarding their mental health in the past few weeks. See Compl. ¶ 37 (the information 11 received by Meta included that each plaintiff “had created an account, first name, last name, phone 12 number, email, and zip code. This type of account creation data is in and of itself identifiable 13 health information, as accounts were only created by people seeking treatment from Cerebral 14 (rather than casually browsing its site)”); id. ¶ 38 (“But the Pixel also intercepted answers to intake 15 questionnaires that Cerebral patients had to complete as part of the sign-up process, such as how 16 often in the previous two weeks they had felt ‘down, depressed, or hopeless.’ Like the account 17 creation data, the questionnaire responses showed that Plaintiffs were actively using Cerebral’s 18 services, while also broadcasting Plaintiffs’ specific symptoms directly to Meta.”). 19 Meta contends that these allegations are deficient, pointing in part to my September 2023 20 Order in the In re Meta Healthcare Pixel Litigation case. There, I dismissed the privacy-based 21 claims and required plaintiffs to “amend to describe the types or categories of sensitive health 22 information that they provided through their devices to their healthcare providers. That basic 23 amendment (which can be general enough to protect plaintiffs’ specific privacy interests) will 24 allow these privacy claims to go forward.” Doe v. Meta Platforms, Inc., No. 22-CV-03580-WHO, 25 2023 WL 5837443, at *8 (N.D. Cal. Sept. 7, 2023). In that case, plaintiffs had alleged that both 26 unprotected and protected healthcare information had been intercepted, but had not identified the 27 type of sensitive healthcare information they provided to their healthcare provider that they 1 This case is different. Cerebral is not simply a healthcare provider; it is a mental health 2 services provider. Plaintiffs affirmatively allege that they were not simply surfing the web seeking 3 information about routine or general healthcare topics. Instead, the information (including 4 otherwise somewhat innocuous information like name and zip code) was secured by Meta from 5 Cerebral in the process of accounts being created “by people seeking treatment from Cerebral 6 (rather than casually browsing its site).” Compl. ¶ 37. 7 Plaintiffs have identified the specific types of information required by Cerebral in order to 8 open their accounts. That information, some of which would ordinarily not be protected, plausibly 9 becomes sensitive or private considering that plaintiffs were seeking mental health services. Meta 10 provides no caselaw regarding disclosure of personally identifying information from individuals 11 seeking mental health services or other caselaw that would preclude this type of invasion of 12 privacy claim as a matter of law at the motion to dismiss stage.4 13 The motion to dismiss the privacy claims is DENIED. 14 II. UCL & CLRA 15 Meta moves to dismiss plaintiffs’ UCL and CLRA claims, arguing that plaintiffs fail to: (1) 16 plead that they saw and relied on particular misrepresentations, as required under Rule 9(b) 17 because both claims sound in fraud; (2) allege cognizable harm under the CLRA and UCL; (3) 18
19 4 The cases Meta cites in its reply are unhelpful. In I.C. v. Zynga, Inc., 600 F. Supp. 3d 1034, 1049 (N.D. Cal. 2022), a data breach case against a social gaming company, the court explained 20 that it was “hard pressed to conclude that basic contact information, including one’s email address, phone number, or Facebook or Zynga username, is private information. All of this information is 21 designed to be exchanged to facilitate communication and is thus available through ordinary inquiry and observation.” The context of that data breach case, and users’ reasonable expectations 22 and conduct when engaging with the social games the defendant offered, made the lack of a plausible invasion of privacy claim related to disclosure of “basic” information apparent. See also 23 id. at 1049 (further noting privacy claim not plausible where “there is no allegation that the gaming accounts for which plain text passwords were taken contain confidential information,” 24 “plaintiffs do not allege that any of their actual first or last names were exposed in the data breach, suggesting that their anonymity is preserved,” and “with the exception of a date of birth, which is 25 immutable, all of this information can be changed”); see also Ji v. Naver Corp., No. 21-CV- 05143-HSG, 2022 WL 4624898, at *1 (N.D. Cal. Sept. 30, 2022) (considering app that allowed 26 users to take and edit photos and videos and concluding that “user and device identifiers” were not the type of information that could give rise to a privacy injury, although collection and storage of 27 biometric information was sufficient to support standing). The nature of the invasion of privacy 1 plead that they are consumers within the CLRA; and (4) satisfy the required “balancing” or 2 “tethering” tests for plaintiffs’ unfair claim under the UCL.5 3 A. Fraud/Rule 9(b) 4 To start, plaintiffs do not need to meet Rule 9(b) or identify misrepresentations based on 5 their claims that Meta’s conduct is unfair or illegal under the UCL.6 See Compl. ¶ 182 6 (identifying bases for illegal prong claim); see also In re Zoom Video Commc'ns Inc. Priv. Litig., 7 525 F. Supp. 3d 1017, 1045 (N.D. Cal. 2021) (plaintiffs’ “UCL claims of unlawful or unfair 8 conduct are not subject to Rule 9(b). . . . Only claims sounding in fraud are subject to the 9 heightened pleading requirements of Rule 9(b).”); Torres v. Botanic Tonics, LLC, No. 23-CV- 10 01460-VC, 2023 WL 8852754, at *4-5 (N.D. Cal. Dec. 21, 2023) (“Moreover, it’s worth recalling 11 that there are three ways to violate the UCL: fraudulent practices, unlawful practices, and unfair 12 practices. If [plaintiff] were asserting a claim under the fraudulent-practices prong, it would make 13 sense to require him to satisfy the legal standards for pleading a fraudulent omission claim. But 14 there is no reason to think that the only way a defendant can incur liability under the UCL for the 15 failure to disclose information is through the fraudulent-practices prong. If the withholding of 16 information is part of an unfair business practice that falls short of outright fraud, it could still give 17 rise to liability (assuming the tests developed for establishing liability under the unfair-practices 18 prong are met).”).7 19 Considering the fraud prong of the UCL, which invokes Rule 9(b), plaintiffs explain that 20 they do not need to disclose or identify any particular representations Meta made or to satisfy the 21 9(b) standard because their fraud-based claim is that “Meta fraudulently omitted information about 22
23 5 See Davis v. HSBC Bank Nevada, N.A., 691 F.3d 1152, 1170 (9th Cir. 2012) (explaining balancing and tethering tests for unfair conduct under the UCL). 24
6 The UCL prohibits any “unlawful, unfair or fraudulent business act or practice.” Cal. Prof. & 25 Bus. Code § 17200. Each prong provides a separate and distinct theory of liability. Rubio v. Cap. One Bank, 613 F.3d 1195, 1203 (9th Cir. 2010) (citations omitted). 26
7 Because plaintiffs plead the interception of their healthcare data alleged would be illegal and 27 unfair under the UCL, regardless of what disclosures or representations Meta made, plaintiffs’ 1 its collection of non-users’ protected healthcare information.” Oppo. at 8. See MacDonald v. 2 Ford Motor Co., 37 F. Supp. 3d 1087, 1096 (N.D. Cal. 2014) (recognizing a less stringent 3 pleading standard for omissions-based fraud claims). Under this type of claim, especially 4 considering that plaintiffs are not Facebook users and would have no reason to review Meta’s 5 terms and conditions or other disclosures to users, it is enough for plaintiffs to allege what they 6 have: had Meta revealed its collection and use of non-users’ protected healthcare information, they 7 would have been aware of it through media coverage, in light of extensive media coverage of 8 Facebook and prior “scandals,” and would have behaved differently. Compl. ¶¶ 200-201. Those 9 specific allegations are sufficient. See In re Carrier IQ, Inc., 78 F. Supp. 3d 1051, 1114 (N.D. 10 Cal. 2015) (finding “the SCAC contains sufficient allegations from which it can be inferred that 11 had Defendants reasonably disclosed the existence and functionality of the Carrier IQ Software—a 12 material fact exclusively in Defendants’ knowledge—Plaintiffs would have been aware of it” and 13 acted differently, sufficient to plead fraud-based UCL claim); but see In re Apple Processor Litig., 14 No. 22-16164, 2023 WL 5950622, at *2 (9th Cir. Sept. 13, 2023 (affirming dismissal where the 15 complaint, unlike here, did not “contain allegations that Plaintiffs themselves were likely to 16 encounter the news reports or to read Apple’s press releases”). 17 Considering the CLRA, Meta notes that I dismissed plaintiffs’ CLRA claim in the In re 18 Meta Pixel Healthcare Litigation case. There, the CLRA claim was based on representations 19 Meta affirmatively made, invoking three separate CLRA subsections, Cal. Civ. Code § 1770(2), 20 (5), and (14). None of the plaintiffs there alleged that they saw and relied on particular 21 misrepresentations. See Doe v. Meta Platforms, Inc., 2023 WL 5837443, at *17. Here, the CLRA 22 claim is based on “concealments and omissions,” specifically that:
23 1) [Meta] continued to invite the disclosure of sensitive health information in violation of numerous state and federal laws, and 2) it 24 was actually receiving such information because 3) its system was configured to accept health information regardless of whether patients 25 have given the statutorily required permissions, thereby violating § 1770(a)(2), (3), and (14) of the CLRA. 26 Compl. ¶ 198. For the same reasons that the UCL claim survives, the CLRA claim survives as 27 well. B. Cognizable Harm 1 A UCL claim may only be brought by “a person who has suffered injury in fact and has 2 lost money or property as a result of the unfair competition.” Cal. Bus. & Prof. Code § 17204. 3 Therefore, plaintiffs must “demonstrate some form of economic injury,” such as surrendering 4 more or acquiring less in a transaction, having a present or future property interest diminished, 5 being deprived of money or property, or entering into a transaction costing money or property that 6 would otherwise have been unnecessary. Kwikset Corp. v. Superior Court, 51 Cal. 4th 310, 323, 7 (2011). In Doe v. Meta Platforms, Inc., 2023 WL 5837443 (N.D. Cal. Sept. 7, 2023), the UCL 8 claim was dismissed with leave to amend because of plaintiffs’ “failure to separately allege a 9 benefit of the bargain basis for ‘loss of money or property’ under the UCL and in light of the 10 inconsistent allegations regarding how plaintiffs could and would participate in a legitimate 11 market for health care information.” Id. at *17. 12 Under the CLRA, “not only must a consumer be exposed to an unlawful practice, but some 13 kind of damage must result.” Meyer v. Sprint Spectrum L.P., 45 Cal. 4th 634, 641, 643 (2009). 14 However, the damage allegations necessary to support CLRA standing are not limited to lost 15 money or property (as under the UCL), as damages under the CLRA can include “ transaction 16 costs to avoid the consequences of a deceptive practice” as well as “opportunity costs.” Id.8 17 Here, plaintiffs allege that they paid more for their services for Cerebral than they 18 otherwise would have had they known about Meta’s interception of their information and they 19 allege that “they paid the Covered Entity [Cerebral], which used Plaintiffs’ payments to fund its 20 purchase of targeted advertising from Meta.” Compl. ¶¶ 13, 66, 163, 189, 190. Contrary to 21 Meta’s arguments, the benefit of the bargain theory is not simply a repackaged “lost value of PII” 22 theory rejected in Doe v. Meta Platforms, Inc., 2023 WL 5837443 (N.D. Cal. Sept. 7, 2023). It is 23 a significantly different theory of harm and damage. Plaintiffs identify a number of cases where 24
25 8 Meta argues that the standard is the same under both the UCL and CLRA, but as shown by Meyer, it is not. However, satisfying the UCL standing requirement necessarily satisfies the 26 CLRA standard. See Hinojos v. Kohl’s Corp., 718 F.3d 1098, 1108 (9th Cir. 2013), as amended on denial of reh'g and reh'g en banc (July 8, 2013) (“Because the ‘any damage’ standard includes 27 even minor pecuniary damage, we conclude that any plaintiff who has standing under the UCL’s 1 benefit of the bargain allegations sufficed where the defendant was the entity that plaintiffs paid. 2 See Oppo. at 5. The distinction here, of course, is that plaintiffs are asserting lost money or 3 property and CLRA damage based on their payments to Cerebral, not Meta. 4 Plaintiffs argue that this distinction does not diminish their injury for standing purposes or 5 their ability to seek restitution from Meta. See, e.g., City & Cnty. of San Francisco v. Purdue 6 Pharma L.P., 491 F. Supp. 3d 610, 695 (N.D. Cal. 2020) (collecting cases under the UCL 7 supporting that a “defendant can be liable for restitution under the UCL even if it is not the direct 8 recipient of a plaintiff’s misappropriated funds.”); see also Shersher v. Superior Ct., 154 Cal. App. 9 4th 1491, 1500 (2007) (UCL “requires only that the plaintiff must once have had an ownership 10 interest in the money or property acquired by the defendant through unlawful means.”). They 11 contend Wesch v. Yodlee, Inc., No. 20-CV-05991-SK, 2021 WL 1399291, at *6 (N.D. Cal. Feb. 12 16, 2021), which Meta relies on, is not to the contrary. There, the court rejected standing for a 13 UCL claim against a defendant who allegedly intercepted plaintiffs’ sensitive financial data that 14 had been disclosed to PayPal. Id. at *6 (“Plaintiffs have not alleged a transaction or contract with 15 Yodlee, therefore, it is not clear how they alleged such damages.”). Plaintiffs distinguish Wesch 16 because there was no allegation there that plaintiffs paid PayPal for its services. Id. at *6. 17 Plaintiffs assert that their case is closer to In re Anthem, Inc. Data Breach Litig., No. 15-MD- 18 02617-LHK, 2016 WL 3029783 (N.D. Cal. May 27, 2016), where plaintiff “paid money for health 19 insurance premiums, which were used to pay for services offered by Defendants.” Id. at *30. 20 This case is closer to In re Anthem and is unlike cases where plaintiffs asserted a benefit of 21 the bargain theory to satisfy UCL and CLRA standing but did not allege tht they paid anyone for 22 the services or products provided. Plaintiffs have plausibly alleged lost money or property and 23 CLRA damage to state claims against Meta based on their payments to Cerebral and Cerebral 24 paying Meta for its services. Whether, of course, they will be entitled to restitution from Meta 25 under the UCL or damages from Meta under the CLRA will be matters determined at the 26 appropriate time and tested on an evidentiary record. But plaintiffs have adequately alleged lost 27 money or property and harm with respect to Meta. C. CLRA Consumers 1 Meta separately moves to dismiss the CLRA claim because plaintiffs were not 2 “consumers” of Meta’s product and did not engage in a transaction with Meta. See Cal. Civ. Code 3 § 1761(d) (“‘Consumer’ means an individual who seeks or acquires, by purchase or lease, any 4 goods or services for personal, family, or household purposes”); Civ. Code § 1770 (“(a) The unfair 5 methods of competition and unfair or deceptive acts or practices listed in this subdivision 6 undertaken by any person in a transaction intended to result or that results in the sale or lease of 7 goods or services to any consumer are unlawful” (emphasis added)). Plaintiffs have clearly 8 alleged that they are consumers who engaged in a transaction with Cerebral; the question is 9 whether they can assert their CLRA claim against Meta, with whom they did not knowingly 10 transact anything. 11 Meta relies on cases where the CLRA claim failed because the plaintiff did not pay a 12 defendant for goods and services. Mot. at 6; Reply at 6; see, e.g., In re Facebook Priv. Litig., 791 13 F. Supp. 2d 705, 717 (N.D. Cal. 2011), aff'd, 572 F. App'x 494 (9th Cir. 2014) (dismissing of 14 CLRA claim based on plaintiffs’ allegations that “Defendant ‘allows anyone ... to register for its 15 services free of charge.’”); Claridge v. RockYou, Inc., 785 F. Supp. 2d 855, 864 (N.D. Cal. 2011) 16 (where defendant provided free social medial application, plaintiff was not a consumer under the 17 CLRA “since he did not ‘purchase or lease’ any goods or services from defendant—a strict 18 requirement under the statute.”). These cases are not on point. Absent persuasive authority 19 interpreting California law governing this consumer protection statute, I will not dismiss the claim 20 at this juncture. How far the CLRA transaction requirement stretches, and whether the allegedly 21 “unfair or deceptive acts or practices” of Meta were adequately “undertaken” by Meta through “a 22 transaction intended to result or that results in the sale or lease of goods or services” – here the 23 creation of accounts for mental telehealth services – is better considered on an evidentiary record. 24 D. Unfair Conduct 25 Finally, Meta moves to dismiss the unfair prong UCL claim for failure to plead facts to 26 plausibly support the required “balancing” or “tethering” tests for consumer claims under the 27 UCL. See Lozano v. AT & T Wireless Servs., Inc., 504 F.3d 718, 735 (9th Cir. 2007) 1 (the balancing test “involves balancing the harm to the consumer against the utility of the 2 defendant's practice” and the tethering test requires “that the unfairness be tied to a ‘legislatively 3 declared’ policy”). Plaintiffs allege that Meta’s conduct:
4 violated California’s strong public policy in favor of protecting consumers’ privacy interests, which is reflected in the state’s broad 5 constitutional and statutory privacy protections, as well as the federal policy of ensuring that health information remains private. 6 Additionally, Meta’s interception of users’ deeply private information, in violation of its own policies, was unethical, immoral, 7 and unscrupulous. 8 Compl. ¶ 187. These plausible allegations satisfy plaintiffs’ pleading burden under the tethering 9 test. I need not separately consider the balancing test.9 10 The motion to dismiss plaintiffs’ UCL claim is DENIED. The motion to dismiss plaintiffs’ 11 CLRA claim is DENIED. 12 III. CONVERSION 13 To state a claim for conversion, plaintiffs must show “‘ownership or right to possession of 14 property, wrongful disposition of the property right and damages.’” Kremen v. Cohen, 337 F.3d 15 1024, 1029 (9th Cir. 2003) (quoting G.S. Rasmussen & Assocs., Inc. v. Kalitta Flying Serv., Inc., 16 958 F.2d 896, 906 (9th Cir.1992)). 17 A. Ownership or Right of Possession 18 Ownership or right of possession is determined by a three-part test: “First, there must be an 19 interest capable of precise definition; second, it must be capable of exclusive possession or 20 control; and third, the putative owner must have established a legitimate claim to exclusivity.” 21 G.S. Rasmussen, 958 F.2d at 903 (footnote omitted); see also Kremen, 337 F.3d at 1030 (applying 22 three part test). 23 In support of the conversion claim, plaintiffs allege:
24 Plaintiffs and Class Members have a property interest in the identifiable health care data they provide to Covered Entities. They 25 have exclusive possession of this data, as demonstrated by the legally protectable right and interest in the data conferred by the web of state 26
27 9 See, e.g., In re Anthem, Inc. Data Breach Litig., 162 F. Supp. 3d 953, 990 (N.D. Cal. 2016) and federal regulations that strictly governs the dissemination of this 1 information and generally requires patients’ explicit, specific authorization for it to be shared and used outside narrow, strictly 2 defined circumstances. This data can only be acquired by covered entities with patients’ assent, and they alone can, without restriction, 3 permit this data to be shared with third parties and sanction its use outside of specific statutorily defined functions. Furthermore, without 4 Plaintiffs’ and Class Members’ experiences and efforts to describe and seek treatment for their health conditions, this data would not 5 exist in the first place (nor could it be aggregated into records for use by medical professionals. 6 Compl. ¶ 169. 7 Meta argues that plaintiffs fail to allege sufficient exclusive use because Meta received 8 only copies of plaintiffs’ information and the information at issue remains in plaintiffs’ possession 9 for their continued use, e.g., to communicate with their medical or mental health providers. See, 10 e.g., FMC Corp. v. Cap. Cities/ABC, Inc., 915 F.2d 300, 303–04 (7th Cir. 1990) (noting “receipt 11 of copies of documents, rather than the documents themselves, should not ordinarily give rise to a 12 claim for conversion” and explaining the “reason for this rule is that the possession of copies of 13 documents—as opposed to the documents themselves—does not amount to an interference with 14 the owner's property sufficient to constitute conversion. [] In cases where the alleged converter has 15 only a copy of the owner’s property and the owner still possesses the property itself, the owner is 16 in no way being deprived of the use of his property. The only rub is that someone else is using it 17 as well.” (internal quotations omitted)); see also Karls v. Wachovia Tr. Co. of California, No. 18 A126669, 2010 WL 4233047, at *4 (Cal. Ct. App. Oct. 27, 2010) (addressing allegations that 19 defendant converted the “idea” of his tax strategy and holding, “[e]ven if plaintiff had identified a 20 form of ‘property’ susceptible to conversion . . . the FAC’s contain no allegations as to how 21 defendants substantially interfered with his own use or possession of the property in issue. His 22 complaints essentially relate that his corporate tax strategy was utilized by defendants, but nothing 23 more. He never alleges how any of the defendants substantially interfered with his own use or 24 possession of this corporate tax-reduction concept. Failure to allege substantial interference with 25 possession or right to possession permits rejection of the conversion claim.”); Jurisearch 26 Holdings, LLC v. Lawriter, LLC, No. CV0803068MMMVBKX, 2009 WL 10670588, at *7 (C.D. 27 Cal. Apr. 13, 2009 (“ Jurisearch cannot maintain a claim for conversion of the compact discs. 1 Where property is capable of being copied, wrongful possession of copies does not typically give 2 rise to a conversion claim if the rightful owner retains possession of the original or retains access 3 to other copies. See FMC Corp. v. Capital Cities/ABC, Inc., 915 F.2d 300, 304 (7th Cir. 1990).”); 4 McGowan v. Weinstein, 505 F. Supp. 3d 1000, 1022 (C.D. Cal. 2020) (claim either preempted by 5 copyright act or failed to state conversion because “Defendants did not deprive McGowan of 6 possession over her own copy of Brave” manuscripts, relying on Jurisearch and FMC). 7 Plaintiffs respond that the passage from FMC regarding copies not normally creating an 8 interference with property rights is dicta and otherwise inapposite. They rely on cases where 9 despite the fact that an owner retained copies of the information at issue, defendants could be 10 liable for use of the copied or otherwise intercepted information. See, e.g., G.S. Rasmussen & 11 Assocs., Inc. v. Kalitta Flying Serv., Inc., 958 F.2d 896, 906 (9th Cir. 1992) (addressing use of a 12 copied FAA certification, court found conversion adequately alleged where defendant, 13 “photocopied the certificate, presented it to the FAA, and thereby obtained a valuable benefit as a 14 consequence of using Rasmussen’s STC without authorization or permission”)10; Planned 15 Parenthood Los Angeles v. Gonzalez, No. B190490, 2007 WL 1087292, at *11 (Cal. Ct. App. 16 Apr. 12, 2007) (“We have not been provided nor have we found any published decision in 17 California that applies the rule in FMC, and we decline to do so. To the contrary, California courts 18 have recognized conversion claims based on the taking of copies of intangible personal property 19 even when the owner retains an original or copy.”); A & M Records, Inc. v. Heilman, 75 20 Cal.App.3d 554 (1977) (cause of action for conversion against defendant who duplicated 21 plaintiff’s recordings and sold them); Thrifty–Tel, Inc. v. Bezenek, 46 Cal.App.4th 1559, 1565 22 10 Meta attempts to distinguish the Rasmussen case by noting that the Court of Appeal recognized 23 there were no “conceptual or practical difficulties in restricting the right to the holder of the” certification required by the FAA, thereby satisfying the second prong of the test. See Rasmussen, 24 958 F.2d at 903. Meta argues here that because there are many users of plaintiffs’ healthcare information – presumably because plaintiffs provide their information to various healthcare 25 providers to receive services – as a result “plaintiffs’ healthcare information can exist on multiple devices, websites, and forms, and multiple people can access and use the information without 26 excluding plaintiffs.” Mot. at 8. But assuming this is the right standard to apply to the facts of this case – surreptitiously securing sensitive healthcare information – discovery may or may not 27 show that there are too many “conceptual or practical difficulties in restricting the right” of 1 (1996) (recognizing in dicta conversion of information recorded on floppy disk).11 2 A recent Ninth Circuit case, Best Carpet Values, Inc. v. Google, LLC, No. 22-15899, 2024 3 WL 119670 (9th Cir. Jan. 11, 2024), applied Kremen to determine whether copies of a website 4 could form the basis of a trespass to chattels claim (requiring the same three part ownership or 5 right of possession test). The court explained why the plaintiff failed parts two and three of that 6 test:
7 Second, a website copy is not “capable of exclusive possession or control.” Id. Plaintiffs have not alleged, nor could they allege, that 8 they retain control over the copies of their websites that are generated and sent to users’ devices. Unlike a domain name, where the registrant 9 “decides where on the Internet those who invoke that particular name—whether by typing it into their web browsers, by following a 10 hyperlink, or by other means—are sent[,]” id., once the website copy is generated and sent to the user’s device, users have control over 11 what to do with it—whether to click on a link on Plaintiffs’ sites, resize the page, navigate away from the page themselves, or click on 12 one of the links provided in the results. . . . 13 Third and finally, there is no “legitimate claim to exclusivity” over website copies. Kremen, 337 F.3d at 1030. Plaintiffs themselves 14 recognize that they do not control how their websites are displayed on different devices or web browsers. This lack of exclusivity renders 15 website copies fundamentally different from other types of intangible property recognized as being subject to California state-law property 16 claims. 17 Id. at *4-5; see also Spy Dialer, Inc. v. Reya LLC, No. EDCV181178FMOSHKX, 2019 WL 18 1873296, at *8 (C.D. Cal. Mar. 18, 2019) (“unlike domain names, which are capable of exclusive 19 possession or control by virtue of their registration, [] web traffic is distinctively ephemeral. . . . 20 Additionally, plaintiff has cited to no case holding that a property interest capable of conversion 21 exists in web traffic, and the court is aware of none.”). 22 Looking to the Ninth Circuit’s analysis in Best Carpet, plaintiffs’ allegations state a 23
24 11 Plaintiffs also rely on a series of cases where recordings or licensed broadcasts were subject to conversion claims. See, e.g., G & G Closed Cir. Events, LLC v. Velasquez, 2021 WL 3164096, at 25 *8 (E.D. Cal. July 27, 2021), report and recommendation adopted, 2021 WL 4846985 (E.D. Cal. Oct. 18, 2021) (finding conversion where defendant broadcast sporting event without a license and 26 collecting similar cases from District Courts throughout California); Flo & Eddie, Inc. v. Sirius XM Radio, Inc., 9 F.4th 1167, 1176 (9th Cir. 2021) (discussing concept of “exclusive use” and 27 recognizing that “when a defendant's reproduction of the content violates recognized property 1 plausible conversion claim despite the fact that plaintiffs obviously retain access to that 2 information and may have granted others access to their sensitive healthcare data. Meta does not 3 dispute that plaintiffs’ healthcare data is “capable” of their exclusive control; it is eminently 4 plausible that individuals do not want their sensitive health care data shared beyond the medical 5 and related professionals with whom they must share it to secure healthcare. Nor can Meta dispute 6 that plaintiffs have a legitimate claim to exclusivity for sensitive healthcare information; at least, 7 exclusivity to make the decision to whom to provide that information. That plaintiffs shared their 8 sensitive healthcare information over the internet – where it was surreptitiously copied by Meta – 9 does not by itself diminish the plausible inferences that plaintiffs want to keep the use of that 10 information within their exclusive control and share it only with healthcare providers of their 11 choosing for the purpose of securing treatment. 12 FMC, upon which all of Meta’s cases rely, addressed a news organization’s possession of 13 originals or copies of a federal contractor’s documents as part of the news organization’s reporting 14 on the contractor’s work for the federal government. The court mentioned in passing that 15 “ordinarily” conversion will not lie to require return of copies of documents. FMC, 915 F.2d at 16 303 (relying on Harper & Row Publishers, Inc. v. Nation Enterprises, 723 F.2d 195 (2d Cir. 17 1983), rev'd, 471 U.S. 539 (1985) (holding that “merely removing one of number of copies of 18 manuscript for short time, copying parts of it, and returning it undamaged constituted far too 19 insubstantial interference with property right to demonstrate conversion.”)). In addition to having 20 totally inapposite facts, Meta ignores how the results of cases in this area turn on their context. It 21 is never that possession of “copies” of information ends the analysis; the analysis also considers 22 the nature of the information at issue, the relationships between the parties, how the defendants 23 came into possession of the information, and defendants’ use of the information. 24 Surreptitious interception of personal healthcare information that is then used or sold by 25 Meta to third parties, depriving plaintiffs of their ability to control who has access to their 26 sensitive information and how that information is used, is wholly different than possession by 27 news organizations of public contractor documents, the possession of manuscripts that were 1 ephemeral web traffic. See FMC, McGowan, Harper & Row, Karls, and Spy Dialer, Inc., supra. It 2 is more similar to dispossession of a domain name, commercial use of a copy of a FAA certificate, 3 unlicensed broadcast of a performance, and wrongful possession of internal operating documents. 4 See Kremen, Rasmussen, G & G Closed Cir. Events, LLC, and Planned Parenthood supra. 5 At summary judgment or trial, Meta may argue that the way plaintiffs used or disseminated 6 their sensitive healthcare information undercuts their ability to show ownership or exclusive right 7 of possession (as that term is broadly construed under California law). For now, plaintiffs have 8 plausibly stated those exclusive rights. 9 B. Wrongful Act 10 Meta also contends that plaintiffs fail to allege a wrongful act by Meta – the conversion 11 “by a wrongful act or disposition of property”12 – because Meta employs a filter designed to 12 prevent use of potentially sensitive data and even if that filter is ineffective (as plaintiffs allege) 13 that is insufficient to show wrongful intent. I rejected a similar intent argument by Meta in Doe v. 14 Meta Platforms, Inc., No. 22-CV-03580-WHO, 2023 WL 5837443, at *3 (N.D. Cal. Sept. 7, 15 2023), in connection with the federal Wiretap Act and privacy claims (“What Meta’s true intent is, 16 what steps it actually took to prevent receipt of health information, the efficacy of its filtering 17 tools, and the technological feasibility of implementing other measures to prevent the transfer of 18 health information, all turn on disputed questions of fact that need development on a full 19 evidentiary record.”); see also id. *7 (privacy claims). In addition, plaintiffs here allege that 20 “Meta actively urged Covered Entities to use the Pixel and aggressively targeted health care 21 companies as advertising clients—businesses whose placement of a Pixel on their sites would by 22 definition involve the transmission of protected health care information.” Compl. ¶ 175. That is 23 sufficient to rebut Meta’s assertion it was only a “passive” recipient of information at this stage. 24 C. Damages 25 Finally, Meta argues – similar to arguments raised repeatedly in In re Meta Pixel 26 Healthcare Litigation cases – that plaintiffs have failed to plead facts showing that they suffered 27 1 damage as a result of the alleged conversion of their personally identifying information. 2 Plaintiffs respond that the discussions of trespass to chattels, as in In re Metal Pixel 3 || opinions, and what impact Meta’s trespass had on the devices of the plaintiffs here, is irrelevant to 4 || conversion, a claim that concerns injury from loss of exclusive use or control of property (here 5 healthcare data). Plaintiffs note that, by statute, California sets damages for conversion at the 6 || value of the property. See Lueter v. State of California, 94 Cal. App. 4th 1285, 1302 (2002) (“As 7 a general rule, the value of the converted property is the appropriate measure of damages, and 8 || resort to the alternative occurs only where a determination of damages on the basis of value would 9 || be manifestly unjust.”); Cal. Civ. Code § 3336 (“The detriment caused by the wrongful conversion 10 || of personal property is presumed to be: First — The value of the property at the time of the 11 conversion”). Plaintiffs allege that the value of the converted healthcare data is determinable “by 12 || the fair market value of their health data at the time of the conversion, which is readily 5 13 ascertainable in light of the robust market for health care data described earlier in the complaint.” 14 |} Compl. 4177. 15 Defendants rely on Intel Corp. v. Hamidi, 30 Cal. 4 1342, 1350 (2003), but Hamidi a 16 || concerned the inapposite question of what impact the trespass to chattels had on the plaintiff's 3 17 email system. And in In re Meta Pixel Healthcare Litigation, the trespass to chattels question is 18 || what impact Meta’s conduct had on the users’ devices. The focus here is whether plaintiffs have 19 adequately alleged damages for the conversion of their converted healthcare information. Given 20 || the available statutory damages, Meta’s argument fails. 21 CONCLUSION 22 Meta’s motion to dismiss is DENIED in full. 23 IT IS SO ORDERED. 24 || Dated: February 12, 2024 VM.Q2 26 Mliam H. Orrick United States District Judge 28