James v. Allstate Insurance Company

• Court: District Court, N.D. California
• Decided: December 22, 2023
• Docket: 3:23-cv-01931
• Status: Unknown

Opinion

1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 CONRAD JAMES, Case No. 3:23-cv-01931-JSC

8 Plaintiff, ORDER RE: MOTIONS TO DISMISS v. 9 Re: Dkt. Nos. 37, 38 10 ALLSTATE INSURANCE COMPANY, et al., 11 Defendants.

12 13 Conrad James brings this putative class action against Allstate, an insurance company, and 14 Heap, a software service provider, for violations of the California Invasion of Privacy Act 15 (“CIPA”) §§ 631, 632.7, California’s Unfair Competition Law (“UCL”), Cal. Bus. & Prof. Code § 16 17200 et seq., and the California Constitution’s right to privacy. Defendants move to dismiss 17 under Federal Rule of Civil Procedure 12(b)(6). (Dkt. Nos. 37, 38.1) After carefully reviewing 18 the papers submitted and having had the benefit of oral argument on December 21, 2023, the 19 Court GRANTS Defendants’ motions to dismiss. Drawing all reasonable inferences from the 20 amended complaint’s allegations in Plaintiff’s favor, Plaintiff does not plausibly allege 21 Defendants’ liability. 22 BACKGROUND 23 In November and December 2022, Plaintiff, while in California, used his computer and 24 mobile phone to access Allstate’s website and search for an insurance quote. (Dkt. No. 34 at ¶¶ 25 48, 49.) Plaintiff’s electronic communications were recorded in real time “to attempt to learn the 26 identity, email address, zip code, age, height, weight, use of prescription medications and tobacco 27 1 products, and other [Personally Identifiable Information] PII and [Personal Health Information] 2 PHI of Plaintiff while he sought an insurance quote.” (Id. at ¶ 50.) Plaintiff was not aware “his 3 keystrokes, mouse clicks, and other electronic communications, including the information 4 described above, were being intercepted in real time” and disclosed to a third party, Heap; “nor did 5 Plaintiff consent to share his private information with Heap.” (Id. at ¶ 51.) 6 Heap is a software as a service company that “provides software which monitors and 7 records a website user’s activity on a webpage.” (Id. at ¶ 20.) “To obtain a quote on an Allstate 8 insurance plan, consumers fill out a form online at Allstate.com” by clicking the “get a quote” 9 button. (Id. at ¶ 30.) Allstate uses Heap’s JavaScript and when customers click the “get a quote” 10 button and answer questions about their medical health, the “responses are automatically sent to 11 Heap.” (Id. at ¶¶ 31-32.) “Heap provides data retention to its customers and charges a fee for 12 storing and retaining its customers’ data.” (Id. at ¶ 26.) “Users who visit Allstate’s website to get 13 an insurance quote are not put on notice of its Privacy Statement, the Terms of Use, or provided 14 with any other notification that the sensitive information they are submitting is being recorded by 15 Allstate or Heap or shared by Allstate with Heap or any other third party.” (Id. at ¶ 35.) 16 Plaintiff filed this putative class action in the San Francisco County Superior Court 17 bringing claims under California Penal Code § 631, California’s Unfair Competition Law, and for 18 invasion of privacy under the California Constitution. (Dkt. No. 1-1.) Defendants removed the 19 action to federal court under the Class Action Fairness Act, 28 U.S.C. § 1332(d). (Dkt. No. 1.) 20 Shortly thereafter, Defendants separately moved to dismiss for failure to state a claim under 21 Federal Rule of Civil Procedure 12(b)(6). (Dkt. Nos. 28, 29.) The parties stipulated to Plaintiff 22 filing an amended complaint adding a claim under California Penal Code § 632.7. (Dkt. No. 32.) 23 Plaintiff then filed his Amended Complaint and Defendants again moved to dismiss. (Dkt. Nos. 24 34, 37, 38.) 25 DISCUSSION 26 This case is one of many throughout district courts in California challenging the use of 27 third-party software to record website visitors’ activity without their knowledge. Plaintiff alleges 1 (“CIPA”), California Penal Code Section 631 et seq., and an invasion of privacy under the 2 California Constitution. 3 I. Section 631 4 Section 631(a) of the California Penal Code penalizes:

5 Any person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any 6 unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraph or 7 telephone wire, line, cable, or instrument, including the wire, line, cable, or instrument of any internal telephonic communication 8 system,

9 or

10 who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to 11 read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, 12 line, or cable, or is being sent from, or received at any place within this state; 13 or 14 who uses, or attempts to use, in any manner, or for any purpose, or to 15 communicate in any way, any information so obtained,

16 or

17 who aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the 18 acts or things mentioned above in this section[.] 19 Cal. Penal Code § 631(a) (line breaks added). The statute “prescribes . . . penalties for three 20 distinct and mutually independent patterns of conduct: intentional wiretapping, willfully 21 attempting to learn the contents or meaning of a communication in transit over a wire, and 22 attempting to use or communicate information obtained as a result of engaging in either of the two 23 previous activities.” Tavernetti v. Super. Ct., 22 Cal. 3d 187, 192 (1978). 24 Plaintiff contends Heap is directly liable under the first and second clauses (patterns of 25 conduct), and Allstate is liable under fourth clause based on aiding, agreeing with, and conspiring 26 with Heap to violate Section 631(a). 2 27 1 A. Section 631(a)—Clause One 2 Heap insists Plaintiff’s claim under the first clause of Section 631(a) fails because it only 3 protects communications that are made over a “wire, line, or cable”—not communications over a 4 smartphone or computer as alleged here. Indeed, the plain text of the statute “expressly requires 5 that the unauthorized ‘connection’ be made with ‘any telegraph or telephone wire, line, cable, or 6 instrument.’” In re Google Assistant Priv. Litig., 457 F. Supp. 3d 797, 825 (N.D. Cal. 2020) 7 (quoting Cal. Penal Code § 631(a)). Plaintiff’s reliance on Javier v. Assurance IQ, LLC, No. 21- 8 16351, 2022 WL 1744107, at *1 (9th Cir. May 31, 2022), is unpersuasive. Javier stated:

9 Though written in terms of wiretapping, Section 631(a) applies to Internet communications. It makes liable anyone who “reads, or 10 attempts to read, or to learn the contents” of a communication “without the consent of all parties to the communication.” Cal. Penal 11 Code § 631(a). The district court held that consent under Section 631(a) is valid even if it is given after the communication has taken 12 place. We disagree. 13 Id. In stating 631(a) applies to the internet, Javier was discussing and quoting from the second 14 clause: “reads, or attempts to read, or to learn the contents” of a communication “without the 15 consent of all parties to the communication.” As only the second clause contains that language, 16 including any “consent” requirement, and as each clause is “distinct” and “independent,” 17 Tavernetti, 22 Cal. 3d at 192, Javier says nothing about whether clause one applies to the internet 18 despite its plain language to the contrary. See In re Google Inc., No. 13-MD-02430-LHK, 2013 19 WL 5423918, at *20 (N.D. Cal. Sept. 26, 2013) (concluding clause two applies to internet 20 communications because, unlike clause one, clause two is not limited to telegraphic and telephone 21 wires and the Legislature intended the two clauses to apply to different technologies). 22 Because Section 631(a)’s plain text does not prohibit the non-telephone wire, line, cable or 23 instrument conduct described here, Plaintiff does not state a claim under clause one. 24 // 25

26 would fail as matter of law. CIPA protects speakers from “eavesdropping” by “third parties.” Ribas v. Clark, 38 Cal. 3d 355, 359 (1985). Plaintiff intended to communicate with Allstate. (Dkt. 27 No. 34 at ¶ 48.) So, Allstate is not a third-party eavesdropper. 1 B. Section 631(a)—Clause Two 2 Clause two applies if the third-party “willfully and without consent of all parties to the 3 communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents 4 or meaning of any message, report, or communication while the same is in transit or passing over 5 any wire, line, or cable, or is being sent from, or received at any place within this state[.]” Cal. 6 Penal Code § 631(a). Defendants insist Plaintiff’s Section 631 claim under clause two fails 7 because Heap is an extension of Allstate and merely enabled Allstate to record its own 8 communications. See In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 607 (9th Cir. 9 2020) (citing Warden v. Kahn, 99 Cal. App. 3d 805, 811 (1979) (“[S]ection 631 ... has been held 10 to apply only to eavesdropping by a third party and not to recording by a participant to a 11 conversation.”)). Plaintiff responds his allegation that Heap has “the capability to use its record of 12 the interaction for [another] purpose” is sufficient to plausibly allege it is a third party. (Dkt. No. 13 47 at 14 (quoting Javier v. Assurance IQ, LLC,. No. 20-cv-02860-CRB, 2023 WL 114225 (N.D. 14 Cal. Jan. 5, 2023) (emphasis in original)). 15 But even if Plaintiff plausibly alleges Heap is capable of using the recording for its own 16 purpose, Plaintiff has not plausibly alleged a different clause two requirement: Heap has “read, or 17 attempt[ed] to read, or to learn the contents or meaning of” the communication while the 18 communication is in transit to Heap. See Williams v. DDR Media, LLC, No. 22-CV-03789-SI, 19 2023 WL 5352896, at *4 (N.D. Cal. Aug. 18, 2023). In Williams, the court concluded because the 20 second clause “penalizes anyone who ‘reads, or attempts to read, or to learn the contents or 21 meaning of’ the communication,” clause two does not cover a software company that “merely 22 recorded the communication for retrieval by a party to the same communication.” Id. at *4 23 (quoting Cal. Penal Code § 631(a)). Plaintiff has similarly not alleged Heap read, attempted to 24 read, or to learn the meaning of his communications with Allstate; rather, he merely alleges Heap 25 recorded the data and stores it on its servers. (Dkt. No. 34 at ¶ 26.) Plaintiff’s allegation that “this 26 data is stored or can be accessed by Heap” is insufficient to support a plausible interference Heap 27 attempted to read or learn the contents of the communication while in transit. See Oklevueha 1 allegations and unwarranted inferences are insufficient to defeat a motion to dismiss.”). 2 Accordingly, Plaintiff’s allegations are insufficient to demonstrate Heap is liable under Section 3 631(a), clause two. Plaintiff’s Section 631(a) claim is therefore dismissed in its entirety.3 4 II. Section 632.7 5 Under Section 632.7,

6 [e]very person who, without the consent of all parties to a communication, intercepts or receives and intentionally records ... a 7 communication transmitted between two cellular radio telephones, a cellular radio telephone and a landline telephone, two cordless 8 telephones, a cordless telephone and a landline telephone, or a cordless telephone and a cellular radio telephone, shall be [guilty of a 9 crime.] 10 Cal. Penal Code § 632.7(a). As discussed above, Plaintiff does not allege Defendants received the 11 communication on a “cellular radio telephone,” a “landline telephone,” or a “cordless telephone.” 12 Cal. Penal Code § 632.7(a). Instead, Plaintiff contends that because he alleges he communicated 13 with Defendant using smartphones which he characterizes as “sophisticated cellular radio 14 telephones” “and/or devices enabled by cellular or landline telephony,” the communications were 15 “transmitted via a combination of landline telephony and cellular telephony.” (Dkt. No. 34 at ¶¶ 16 87-88.) Plaintiff’s attempt to fit his internet communication within the confines of Section 17 632.7(a)’s telephone-based communication is unavailing. 18 When interpreting California statutes, the Court begins with “the words themselves.” 19 Herrera v. Zumiez, Inc., 953 F.3d 1063, 1071 (9th Cir. 2020). As this Court has previously noted, 20 “§ 632.7 unambiguously limits its reach to communications between various types of telephones.” 21 Valenzuela v. Keurig Green Mountain, Inc., No. 22-CV-09042-JSC, 2023 WL 3707181, at *6 22 (N.D. Cal. May 24, 2023) (rejecting plaintiff’s invitation to rewrite section 632.7 for the internet 23 era). As in Valenzuela, Plaintiff “makes no persuasive argument the statute contemplates internet 24 communications between a smart phone and an unspecified device on Defendants[’] end.” Id. 25 Plaintiff’s argument that this case, unlike Valenzuela, involves smartphones, is unavailing as 26

27 3 Because the claim is dismissed, the Court need not reach Defendants’ other arguments as to the 1 Plaintiff alleges his cellphone communication occurred with Allstate on Allstate.com—that is, at 2 best, the communication was between a cellphone and the internet, not for example, over a phone 3 call or text message. 4 Plaintiff has not alleged either Defendant used telephone technology to 4 receive the communication so the statute does not apply. And, such an allegation would in any 5 event be implausible as Plaintiff alleges to have communicated with Allstate via its website on the 6 internet. 7 Accordingly, Defendants’ motions to dismiss Plaintiffs’ Section 632.7 claim are granted. 8 III. Invasion of Privacy 9 To bring a claim for invasion of privacy under the California Constitution, plaintiffs must 10 allege “(1) they possess a legally protected privacy interest, (2) they maintain a reasonable 11 expectation of privacy, and (3) the intrusion is so serious ... as to constitute an egregious breach of 12 the social norms such that the breach is highly offensive.”5 In re Facebook, Inc. Internet Tracking 13 Litig., 956 F.3d 589, 601 (9th Cir. 2020) (cleaned up). 14 A. Legally Protected Privacy Interest and Reasonable Expectation of Privacy 15 “Whether a legally recognized privacy interest is present in a given case is a question of 16 law to be decided by the court.” Hill v. Nat’l Collegiate Athletic Assn., 7 Cal. 4th 1, 40 (1994). 17 Courts generally recognize two types of privacy interests: (1) informational interests which 18 preclude the dissemination or misuse of sensitive confidential information; and (2) autonomy 19 interests “in making intimate personal decisions or conducting personal activities without 20 observation, intrusion, or interference.” Id. at 35. 21 Plaintiff has adequately alleged an informational privacy interest in his “email address, zip 22 code, age, height, weight, use of prescription medications and tobacco products, and other PII and 23 PHI.” (Dkt. No. 34 at ¶ 50.) See Norman-Bloodsaw v. Lawrence Berkeley Lab'y, 135 F.3d 1260, 24

25 4 Plaintiff’s reliance on Byars v. Goodyear Tire & Rubber Co., 2023 WL 1788553, at *5 (C.D. Cal. Feb. 3, 2023), is likewise availing. The Court finds that case unpersuasive for the reasons 26 stated in Byars v. Hot Topic, Inc., 2023 WL 2026994, at *11-12 (C.D. Cal. Feb. 14, 2023). 5 To the extent Plaintiff contends in his opposition brief that his invasion of privacy claim is also 27 based on a violation of the Federal Wiretap Act, 18 U.S.C. § 2510.3, no such claim is alleged in 1 1269 (9th Cir. 1998) (recognizing a “constitutionally protected privacy interest in avoiding 2 disclosure of personal matters clearly encompasses medical information and its confidentiality.”). 3 Plaintiff has likewise adequately alleged a reasonable expectation of the privacy of this 4 information which was “intercepted in real time and [] disclosed to Heap (a third party) while he 5 sought an insurance quote” from Allstate without his consent. (Dkt. No. 34 at ¶ 51.) See 6 Facebook Tracking, 956 F.3d at 601-02 (holding “[a] reasonable expectation of privacy exists 7 where a defendant gains “unwanted access to data by electronic or other covert means, in violation 8 of the law or social norms.”). 9 Allstate’s insistence Plaintiff had no cognizable privacy interest or reasonable expectation 10 of privacy because the data was collected while he was interacting with its website is unavailing. 11 First, the data collected in the cases upon which Allstate relies—browsing history—is not the 12 same as the Personally Identifiable Information (PII) and Personal Health Information (PHI) 13 collected here. See, e.g., Yoon v. Lululemon USA, Inc., 549 F. Supp. 3d 1073, 1086 (C.D. Cal. 14 2021) (holding no privacy interest in browsing data collected while on the defendant’s website); In 15 re Google Location Hist. Litig., 428 F. Supp. 3d 185, 198 (N.D. Cal. 2019) (holding no privacy 16 interest when Google “only tracked and collected data during use of Google services”). 17 Second, Allstate’s argument ignores the allegations that form the basis for the claim— 18 although Plaintiff voluntarily disclosed the information to Allstate, he was not aware Heap was 19 recording his keystrokes and information provided. (Dkt. No. 34 at ¶ 51.) Allstate’s reliance on 20 its Privacy Policy is misplaced. Generally, “district courts may not consider material outside the 21 pleadings when assessing the sufficiency of a complaint under Rule 12(b)(6).” Khoja v. Orexigen 22 Therapeutics, Inc., 899 F.3d 988, 998 (9th Cir. 2018). There are, however, “two exceptions to this 23 rule: the incorporation-by-reference doctrine, and judicial notice under Federal Rule of Evidence 24 201.” Id. While Plaintiff alleges Allstate’s website includes a “hyperlink [to the Privacy Policy] 25 that is located, among a multitude of links, in small letters at the very bottom of the page,” he also 26 alleges this link is insufficient to put Plaintiff and other users on notice of the Privacy Policy. 27 (Dkt. No. 34 as ¶¶ 40-41.) Further, Plaintiff alleges he himself did not receive notice of the 1 Privacy Policy under the incorporation by reference doctrine, drawing all inferences in Plaintiff’s 2 favor, the website hyperlink failed to disclose a third party’s capture of the Personally Identifiable 3 Information and Personal Health Information. To conclude otherwise would improperly draw 4 inferences in Defendants’ favor. See Khoja, 899 F.3d at 999 (“If defendants are permitted to 5 present their own version of the facts at the pleading stage—and district courts accept those facts 6 as uncontroverted and true—it becomes near impossible for even the most aggrieved plaintiff to 7 demonstrate a sufficiently ‘plausible’ claim for relief.”). So, the Privacy Policy does not defeat the 8 allegations supporting a reasonable expectation of privacy. 9 Accordingly, Plaintiff has adequately alleged a legally protected privacy interest and 10 reasonable expectation of privacy in his sensitive personal information. 11 B. Highly Offensive Conduct 12 “Actionable invasions of privacy must be sufficiently serious in their nature, scope, and 13 actual or potential impact to constitute an egregious breach of the social norms underlying the 14 privacy right.” Hill, 7 Cal. 4th at 37. “While analysis of a reasonable expectation of privacy 15 primarily focuses on the nature of the intrusion, the highly offensive analysis focuses on the 16 degree to which the intrusion is unacceptable as a matter of public policy.” Facebook Tracking, 17 956 F.3d at 606. Defendants insist Plaintiff’s allegations do not satisfy the highly offensive 18 standard because he “only alleges Defendants collected limited and routine information that 19 Plaintiff himself voluntarily provided in the course of applying for an insurance quote.” (Dkt. No. 20 49 at 12.) 21 Plaintiff’s response relies entirely on Hazel v. Prudential Fin., Inc., No. 22-CV-07465- 22 CRB, 2023 WL 3933073 (N.D. Cal. June 9, 2023), insisting that because Hazel found similar 23 allegations sufficiently alleged highly offensive conduct so too here. (Dkt. No. 47 at 18.) The 24 Court is unpersuaded. Hazel’s allegations go well beyond those here. In particular, Hazel relied 25 upon the allegation the software provider who stored the information analyzed the “[p]laintiffs’ 26 data to ‘certify’ them as ‘leads’ for buyers” which “exceed[ed] Plaintiffs’ reasonable expectations 27 of what their information would be used for.” Id. at *5. Ultimately, the court concluded “even if 1 in light of “the Ninth Circuit’s instruction that whether an intrusion is highly offensive is not 2 typically a question that should be resolved at the pleading stage” it would deny the motion to 3 dismiss. Id. (citing In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589, 606 (9th Cir. 4 2020); see also Katz-Lacabe v. Oracle Am., Inc., No. 22-CV-04792-RS, 2023 WL 2838118, at *7 5 (N.D. Cal. Apr. 6, 2023) (denying motion to dismiss where it was a similarly “close question”). 6 While the Court is mindful of the Ninth Circuit’s caution in Facebook that the question of 7 whether a defendant’s conduct “could highly offend a reasonable individual is an issue that cannot 8 be resolved at the pleading stage,” the plaintiffs there had alleged “surreptitious data collection 9 when individuals were not using Facebook” which the court found “sufficient to survive a 10 dismissal motion.” In re Facebook, 956 F.3d at 606. Plaintiff here has not alleged similar conduct. 11 Rather, “Plaintiff voluntarily provided information to [Allstate]; to the extent that information was 12 provided to a third party, plaintiff alleges no use by the third party other than storing that 13 information for [Allstate] to refer back to.” Williams v. DDR Media, LLC, No. 22-CV-03789-SI, 14 2023 WL 5352896, at *7 (N.D. Cal. Aug. 18, 2023). Such alleged conduct is not highly offensive 15 as a matter of law. Accordingly, Defendants’ motions to dismiss Plaintiff’s invasion of privacy 16 claim are granted. 17 IV. The UCL 18 Defendants urge Plaintiff lacks statutory standing to bring a UCL claim for injunctive 19 relief because he has not alleged economic loss. “While the substantive reach of [the UCL] 20 remains expansive,” to establish statutory standing to enforce the UCL’s provisions, a plaintiff 21 must “(1) establish a loss or deprivation of money or property sufficient to qualify as injury in 22 fact, i.e., economic injury, and (2) show that that economic injury was the result of, i.e., caused by, 23 the unfair business practice or false advertising that is the gravamen of the claim.” Kwikset Corp. 24 v. Superior Ct., 51 Cal. 4th 310, 322 (2011) (emphasis in original); see also Cal. Bus. & Prof. 25 Code § 17204 (“Actions for relief pursuant to this chapter shall be prosecuted exclusively in a 26 court of competent jurisdiction ... by a person who has suffered an injury in fact and has lost 27 money or property as a result of the unfair competition.”). 1 he otherwise would not have where Defendants gained financial benefits.” (Dkt. No. 47 at 20.) 2 This allegation, however, is not in the Amended Complaint. The Amended Complaint alleges 3 Defendants knowingly wiretapped Plaintiff’s “communications of their private personal 4 information without their consent.” (Dkt. No. 34 at ¶ 98.) While Plaintiff also alleges “both Heap 5 and Allstate benefit financially from Allstate’s use of Heap’s software and service” (Id. at ¶ 29), 6 this allegations does not support an inference Plaintiff “lost money or property” as a result. See, 7 e.g., 2023 WL 3933073, at *6 (“just because Plaintiffs’ data is valuable in the abstract, and 8 because ActiveProspect might have made money from it, does not mean that Plaintiffs have ‘lost 9 money or property’ as a result”); Bass v. Facebook, Inc., 394 F. Supp. 3d 1024, 1040 (N.D. Cal. 10 2019) (“That the information has external value, but no economic value to plaintiff, cannot serve 11 to establish that plaintiff has personally lost money or property.”); In re Facebook, Inc., 12 Consumer Priv. User Profile Litig., 402 F. Supp. 3d 767, 804 (N.D. Cal. 2019) (“Facebook may 13 have gained money through its sharing or use of the plaintiffs’ information, but that’s different 14 from saying the plaintiffs lost money.”). 15 Plaintiff’s reliance on Brown v. Google LLC, No. 20-CV-03664-LHK, 2021 WL 6064009, 16 at *15 (N.D. Cal. Dec. 22, 2021), is misplaced as the plaintiff there alleged a specific cash value 17 was attached to the allegedly misappropriated data and identified a market for the data. Plaintiff’s 18 allegations here do not include sufficient information from which the Court can plausibly infer the 19 data allegedly misappropriated likewise had an economic value of which he was deprived as a 20 result of Defendants’ actions. “The weight of the authority in the district and the state, however, 21 point in the opposite direction [from cases like Brown]: that “the ‘mere misappropriation of 22 personal information’ does not establish compensable damages.” Katz-Lacabe v. Oracle Am., Inc., 23 No. 22-CV-04792-RS, 2023 WL 2838118, at *8 (N.D. Cal. Apr. 6, 2023) (quoting Pruchnicki v. 24 Envision Healthcare Corp., 845 F. App’x 613, 615 (9th Cir. 2021) (citations omitted)). 25 Accordingly, Plaintiff’s UCL claim is dismissed for lack of statutory standing. 26 CONCLUSION 27 For the reasons set forth above, the Court grants Defendants’ motions to dismiss with leave 1 to another deadline. 2 This Order disposes of Docket Nos. 37 and 38. 3 IT IS SO ORDERED. 4 Dated: December 22, 2023 5 ne ACQUELINE SCOTT CORL&@Y 6 United States District Judge 7 8 9 10 11 12

© 15 16

= 17

Z 18 19 20 21 22 23 24 25 26 27 28