Opinion
22-cv-07668-VC
03-15-2024
LAUREN HUGHES, et al., Plaintiffs, v. APPLE, INC., Defendant.
ORDER PARTIALLY GRANTING MOTION TO DISMISS
Re: Dkt. No. 50
VINCE CHHABRIA, UNITED STATES DISTRICT JUDGE
A concurrently-filed ruling addresses the negligence and products liability claims of the five plaintiffs who were injured in California. This more abbreviated ruling addresses the remaining claims by those plaintiffs as well as all claims raised by the other thirty-three plaintiffs, and it assumes that the reader is familiar with the facts, the applicable legal standards, and the arguments made by the parties.
Common law claims. In response to Apple's motion to dismiss, the plaintiffs assert for the first time that California law governs all thirty-eight plaintiffs' common law claims, based in part on a choice-of-law provision in a Software License Agreement that was not mentioned in the complaint. Given the particulars of this action, the plaintiffs' failure in the complaint to identify what state's laws govern their common law claims failed to provide Apple adequate notice. See Romero v. Flowers Bakeries, LLC, No. 14-cv-05189-BLF, 2016 WL 469370, at *12 (N.D. Cal. Feb. 8, 2016); In re Static Random Access Memory (SRAM) Litigation, 580 F.Supp.2d 897, 910 (N.D. Cal. 2008). There is meaningful variation in how different states approach the relevant common law claims, and over twenty states' laws are potentially implicated. Moreover, certain aspects of the complaint are arguably inconsistent with the plaintiffs' subsequent assertion that California law governs everything. For example, the plaintiffs assert negligence per se claims on behalf of only certain state subclasses, suggesting that those claims would be governed by the laws of those states (presumably the ones that recognize negligence per se). The claims of the non-California plaintiffs for negligence, negligence per se, products liability under the consumer expectations test, products liability under the risk-utility test, and intrusion upon seclusion are dismissed for this reason.
CIPA. The CIPA claims are dismissed because the plaintiffs have not adequately alleged that Apple uses the AirTags to “determine the location or movement of a person.” Cal. Penal Code § 637.7(a). The complaint only alleges that the AirTag is programmed to use the Bluetooth signals of nearby Apple devices to report its location back to its owner. It does not allege that Apple is able to determine the locations of the AirTags. And it does not allege that Apple can tie the locations or the movements of the AirTags to discreet individuals. Cf. Moreno v. San Francisco Bay Area Rapid Transit District, No. 17-cv-02911-JSC, 2017 WL 6387764, at *4 (N.D. Cal. Dec. 14, 2017) (dismissing CIPA claims in part because the defendant was only alleged to have collected anonymized data, as opposed to information tied to a particular, identifiable individual). The plaintiffs point to various aspects of the interface that AirTag users see to show that Apple has “agency and knowledge,” such as “translating [location] data into layman-usable information” and the “interface” changing “as the [user] gets closer to the AirTag.” But none of that means Apple took the action forbidden by the statutory provision the plaintiffs invoke-which is using the device to track a person. The allegations merely describe the way that Apple's operating system works.
The closest allegation has to do with the Unknown AirTag alerts. When Apple's operating system provides an iPhone user with a notification that an unknown AirTag has been travelling with them, that must mean that Apple's operating system has associated the user's device with the AirTag. However, the key allegation-that Apple determines the location and movement of the AirTags-is still missing.
The parties dispute whether the Court can conclude that Apple's FindMy network-the Bluetooth network that the AirTags operate through-is “end-to-end encrypted.” If the complaint had alleged more directly that Apple tracks the locations of the AirTags, or uses the AirTags to track the identified owners of other devices, then that dispute would have been relevant. But there is no need to reach that question now.
California Constitutional Right to Privacy. The assertion that Apple violated the plaintiffs' right to privacy is dismissed for similar reasons-the plaintiffs do not allege that Apple tracked them with the AirTags. Unlike with the CIPA claims, Apple's own use of the AirTags to track the plaintiffs is not a necessary element of the privacy claims. In theory, at least, it may be enough for a defendant to provide or operate the tool that someone else uses to invade the plaintiff's privacy. But that is not the privacy-invasion theory in the complaint. The complaint asserts that Apple violated the plaintiffs' right to privacy “by intentionally tracking their location with AirTags.”
California's Unfair Competition Law. The plaintiffs acknowledge a drafting error in the three UCL claims. Only plaintiff Lauren Hughes asserts those claims. But Hughes was not injured in California, so it's not clear that she can bring a claim under the UCL. See In re Apple & AT&T iPad Unlimited Data Plan Litigation, 802 F.Supp.2d 1070, 1076 (N.D. Cal. 2011). Nor has she adequately alleged statutory standing under the UCL. The UCL requires that the plaintiff allege a loss of money or property that resulted from the defendant's conduct. Sarun v. Dignity Health, 232 Cal.App.4th 1159, 1166-67. The complaint describes that economic injury as Hughes having to move apartments. But Hughes alleges that she had decided to move to evade her stalker before she realized that her stalker was using an AirTag-she was actually at her apartment gathering items for the upcoming move when she found the AirTag. Thus, the costs incurred by Hughes in her move were not caused by the AirTag. The plaintiffs attempt to fix this in their opposition brief by asserting that Hughes's economic injury was actually the “time (and money)” that she spent driving to the Apple store and then to her local police station. But that is too indefinite to support statutory standing under the UCL. Finally, the plaintiffs assert that Hughes will likely need to take further mitigation actions, including possibly another move, as a result of her stalker's suggestion that he intends to continue stalking her using AirTags. That alone, without any factual description of imminent future expenses, is also insufficient for UCL statutory standing. See Sarun, 232 Cal.App.4th at 1166-67.
Indiana, New York, Ohio, Pennsylvania, and Maryland consumer protection laws. All of these claims assert the same basic theory: that Apple downplayed the risk of AirTag stalking, including by causing news outlets to describe the product as “stalker-proof.” However, each of these state statutes requires some causal connection between Apple's purported misrepresentations or omissions and the harm that the plaintiffs suffered-typically through either reliance on the misstatements or through the materiality of the omissions. See, e.g., Md. Code Ann., Com. Law § 13-408 (West) (establishing a cause of action for “injury . . . as a result of a practice prohibited by this title”); Yocca v. Pittsburgh Steelers Sports, Inc., 578 Pa. 479 (2004) (“To bring a private cause of action under the [Pennsylvania Unfair Trade Practices and Consumer Protection Law, a plaintiff must show that he justifiable relied on the defendant's wrongful conduct or representation and that he suffered harm as a result of that reliance.”); NY Gen. Bus. § 349 (“Any person who has been injured by reason of any violation may bring an action in his own name . . .”); Ind. Code § 24-5-0.5-4(a) (“A person relying upon an uncured or incurable deceptive act may bring an action for the damages actually suffered as a consumer as a result of the deceptive act or five hundred dollars.”). None of the plaintiffs allege that they saw the “stalker-proof” statements and relied on them. And the complaint does not allege how Apple being clearer about the risks of AirTag stalking could have prevented or mitigated the harm that the plaintiffs experienced.
The missing causation allegations are not the only problem with these consumer protection claims. It seems very unlikely that the plaintiffs-who did not purchase the AirTags, but instead had them placed on their belongings without their consent-have statutory standing. See, e.g., Ohio Rev. Code § 1345.09 (expressly limiting the civil cause of action to “the consumer” in a transaction). The plaintiffs' attempt to wave this problem away by arguing that the stalkers conduct constituted a “transfer” or “assignment” of the AirTags is unconvincing.
***
This is a large and complicated action. Some amount of complexity is appropriate and necessary. But the pleading errors and inadequacies in the First Amended Complaint raise the question of whether the plaintiffs are prioritizing the claims that best fit the allegations. Nonetheless, all dismissals are with leave to amend. Any amended complaint must be filed within 21 days of this ruling.
IT IS SO ORDERED.