Opinion
No. C 19-02883 WHA
10-24-2019
LEIGH WHEATON; JILL PAUL; and TREVOR PAUL, individually and on behalf of all others similarly situated, Plaintiffs, v. APPLE INC., Defendant.
ORDER GRANTING MOTION TO DISMISS
INTRODUCTION
In this putative class action, plaintiffs bring claims under Rhode Island and Michigan law for selling, renting, transmitting, or disclosing a customer's information without consent. Defendant moves to dismiss under Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6). This order GRANTS defendant's motion to dismiss.
STATEMENT
Defendant Apple Inc. is a Delaware corporation with its principal place of business in Cupertino, California. One of Apple's services is selling and distributing digital music via its iTunes Store mobile application. The iTunes Store application comes pre-installed on customers' iPhones. An Apple customer can purchase music from the iTunes store. The music is then stored in their device's Apple Music libraries. A customer's personal listening information, found in their Apple Music libraries, includes their full name and home address along with genres and in some cases, the specific music titles they purchased (Compl. ¶¶ 3, 16).
Plaintiff Leigh Wheaton is a citizen and resident of Rhode Island. Plaintiffs Jill Paul and Trevor Paul are citizens and residents of Michigan. Over the past three years, plaintiffs all purchased music from Apple via its iTunes Store. Plaintiffs allege that during this time, without their notice and consent, Apple sold, rented, transmitted, and disclosed their personal listening information to third parties. Plaintiffs allege that Apple disclosed this information to two groups: (1) data brokers, data appenders, data aggregators, data miners, and other third parties, who then supplemented the personal listening information with additional sensitive personal information such as, age, gender, education, household income, purchasing habits; and (2) iOS mobile application developers, who in turn sold and disclosed the information to other third parties.
The complaint categorizes the purported disclosures to iOS mobile application developers into three methods: (1) developers access to metadata; (2) tokens; and (3) gifting functionality. Under the first method, plaintiffs allege developers could extract customers' iTunes music libraries metadata and link customers' individual identities to the data. Under the second method, plaintiffs contend Apple allowed developers to readily access customers' "tokens," which could be associated with personally identifying information. Under the third method, plaintiffs argue that Apple disclosed personal listening information to other customers. Specifically, when a customer attempted to gift a song to another customer, iTunes would tell the purchaser if the recipient had already purchased the song, thereby revealing the recipient's name and earlier music selection (Compl. ¶¶ 45-83).
As a result of Apple's alleged failure to protect customers' private information, plaintiffs claim (1) overpayment; (2) loss of value of their personal listening information; (3) unwarranted junk mail and telephone solicitations; and (4) risk of identity theft (Compl. ¶¶ 44, 68, 117-19, 138-42).
Based on the allegations, plaintiffs bring three claims against Apple: (1) violation of Rhode Island's Video, Audio, and Publication Rentals Privacy Act; (2) violation of Michigan's Preservation of Personal Privacy Act; and (3) unjust enrichment (Compl. ¶¶ 98-154). Apple moves to dismiss this complaint in full. This order follows full briefing and oral argument (Dkt. Nos. 37, 50, 51).
ANALYSIS
Apple moves to dismiss plaintiffs' complaint on the grounds that plaintiffs do not allege damages under the Michigan state law as recently amended, lack standing under Rule 12(b)(1), and fail to state their claims under Rule 12(b)(6).
1. STATE STATUTE APPLICATION.
Plaintiffs' complaint alleges violations of two state statutes: the Rhode Island Video, Audio, and Publication Rentals Privacy Act and the Michigan Preservation of Personal Privacy Act. RIVRPA states in pertinent part:
It shall be unlawful for any person to reveal, transmit, publish, or disseminate in any manner, any records which would identify the names and addresses of individuals with the titles or nature of video films, records, cassettes, or the like, which they purchased, leased, rented, or borrowed, from libraries, book stores, video stores, or record and cassette shops or any retailer or distributor of those products . . . .R.I. Gen. Laws § 11-18-32(a). In other words, for a defendant to be liable under RIVRPA, they must disclose a customer's record which identifies their name and address in connection with the titles of the content in question. Apple moves to dismiss plaintiffs' RIVRPA claim, but no dispute exists as to the application of RIVRPA.
The parties debate, however, whether the amended or unamended version of the MIPPPA applies. The unamended MIPPPA, effective November 7, 1989-July 30, 2016, stated:
[A] person, or an employee or agent of the person, engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings shall not disclose to any person, other than the customer, a record or information concerning the purchase, lease, rental, or borrowing of those materials by a customer that indicates the identity of the customer . . . . [A] person who violates this act shall be liable in a civil action for damages to the customer identified in a record or other information that is disclosed in violation of this act. The customer may bring a civil action against the person and may recover both of the following: (a) Actual damages, including
damages for emotional distress, or $5,000.00, whichever is greater. (b) Cost and reasonable attorney fees . . . .The amended MIPPPA, effective July 31, 2016, states:
[A] person, or an employee or agent of the person, engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings shall not knowingly disclose to any person, other than the customer, a record or information concerning the that personally identifies the customer as having purchased, leased, rented, or borrowed those materials from the person engaged in the business . . . . [A] customer described in subsection (1) who suffers actual damages as a result of a violation of this act may bring a civil action against the person that violated this act and may recover both of the following: (a) The customer's actual damages, including damages for emotional distress. (b) Reasonable costs and attorney fees . . . .M.C.L.A §§ 445.1712-445.1715. Three key differences exist between the versions: (1) the unamended version stated that a violation requires disclosure of material that "indicates the identity of the customer"; whereas, the amended version specifies that a violation requires disclosure of information that "personally identifies the customer"; (2) the amended version requires customers to first suffer actual damages before bringing a claim; and (3) the unamended version allowed a customer to recover actual damages, including damages for emotional distress, or $5,000.00, whichever was greater; whereas, the amended version limits recovery to actual damages.
This order holds that for all future litigation on this matter — under the current facts — the unamended MIPPPA governs because the statute does not apply retroactively and the date of the claim accrual determines the amendment's applicability. Apple cites to the legislative history in arguing that the amended version applies retroactively because the amendment is curative and intended to clarify the unamended version. The legislative history provides in pertinent part:
The amendatory act is curative and intended to clarify that the prohibitions on disclosing information contained in [the unamended MIPPPA], do not prohibit disclosing information if it is incident to the ordinary course of business of the person disclosing the information . . . and that a civil action for a violation of those prohibitions may only be brought by a customer who has suffered actual damages as a result of the violation.S.B. 490, 98th Leg., Reg. Sess., P.A. No. 92 (Mich. 2016). The United States Court of Appeals for the Sixth Circuit, however, found that for MIPPPA to apply retroactively, the amended version must provide clear language of such legislative intent. The amended MIPPPA and the legislative history do not contain any express statement of intended retroactivity. Therefore, the amended MIPPPA does not apply retroactively. Coulter-Owens v. Time Inc., 695 F.App'x. 117, 121 (6th Cir. 2017).
Alternatively, Apple cites to Raden v. Martha Stewart Living Omnimedia, Inc., 2017 WL 3085371, at *4 (E.D. Mich. July 20, 2017) (Judge Linda Parker) to argue that even if MIPPPA does not apply retroactively, the amended version applies because the date of filing the complaint determines the amendment's applicability. This argument fails. Several other Michigan decisions have held that the date of accrual, rather than the date of filing the complaint, governs. Horton v. Gamestop Corp., 380 F.Supp. 3d 679, 683 (W.D. Mich. Sept. 28, 2018) (Judge Gordon Quist); Hill v. Gen. Motors Acceptance Corp., 207 Mich. App. 504, 513-14 (1994); In re Certified Question from United States Court of Appeals for Ninth Circuit (Deacon v. Pandora Media, Inc.), 499 Mich. 477, 483 n.7 (2016). Raden was an outlier. In Horton, the district court found that the unamended version of the MIPPPA may be applied if the plaintiff accrued the claims prior to the effective date of the amendment regardless of the fact that the plaintiff filed the complaint nearly two years after the amendment took place. Id. at 682. The facts in Horton mirror the facts in this action. Plaintiffs filed their complaint years after the amended version was already in effect, but plaintiffs claim injury between May 24, 2016, and July 30, 2016 — before the amended MIPPPA took effect. Thus, the unamended MIPPPA applies.
The complaint does not need to state actual damages before bringing claims against Apple under the unamended MIPPPA (though the Rule 26(a) initial disclosure must do so). Accordingly, this order will not address whether plaintiffs' damages are sufficient under Rule 12(b)(1) or Rule 12(b)(6).
2. APPLE'S MOTION TO DISMISS.
To survive a motion to dismiss, a complaint must plead "enough facts to state a claim to relief that is plausible on its face." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). A claim has facial plausibility when it pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). When ruling on a motion to dismiss, a court may generally consider only allegations in the pleadings, attached exhibits, and matters properly subject to judicial notice. For purposes of ruling on a motion to dismiss, all well-pled material allegations of the complaint are accepted as true and the complaint must be construed in favor of the complaining party. Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1030-31 (9th Cir. 2008). Conclusory allegations or "formulaic recitation of the elements" of a claim, however, are not entitled to the presumption of truth. Iqbal, 556 U.S. at 681.
Plaintiffs use the term "personal listening information" throughout their complaint to refer to a customer's full name and address in connection with their music selection purchases. Neither RIVRPA nor MIPPPA uses the term. Plaintiffs' counsel, rather, invented the term for purposes of this case. RIVRPA only imposes liability on Apple if it discloses a customer's name and address with their music selection information. Under the unamended MIPPPA, to hold Apple liable, the information disclosed must indicate a customer's identity in connection with their music selection.
A. Third-Party Data Brokers and Similar Entities.
The complaint fails to plausibly allege with enough facts that Apple disclosed plaintiffs' personal listening information to third-party data brokers and similar entities, which caused plaintiffs overpayment, loss of value in personal information, unwarranted junk mail, and risk of identity theft.
The complaint depends on the attached Exhibits C and D as facts to support plaintiffs' claim. None of it plausibly shows that Apple disclosed plaintiffs' personal listening information. For example, the complaint cites to Exhibit C to support the claim. The complaint alleges that Exhibit C is a listing by a third-party data broker selling customers' names, addresses, and personal listening information. Exhibit C does not provide sufficient facts to support this argument. Plaintiffs, in their opposition to Apple's motion, emphasize that the mail icon in the exhibit includes names and addresses. Yet, the mail icon does not explicitly disclose any names, addresses, or personally identifying information of customers. It is merely a picture of an envelope. The complaint fails to explain anything about clicking on the icon. Without more information, which was surely available to counsel, this order will not speculate that the mail icon explicitly would lead to Apple customers' names and addresses (Compl. ¶ 47; Compl. Exh. C).
The complaint also cites to Exhibit D, which it alleges is a listing by another third-party data broker selling Apple customers' personal listening information (Compl. ¶ 50; Compl. Exh. D). Exhibit D, however, does not sufficiently support plaintiffs' claim because the exhibit fails to mention the third-party data broker name, Apple, or even iTunes. Thus, the exhibit does not show that Apple disclosed customers' personal listening information. Apple's motion to dismiss as to the third-party data brokers under Rhode Island and Michigan law is GRANTED.
B. IOS Mobile Application Developers.
The complaint also does not provide enough facts to plausibly show that Apple disclosed plaintiffs' identities in connection with their music selection information to iOS mobile application developers for any of the three methods: (1) metadata; (2) tokens; and (3) gifting.
First, the complaint alleges that Apple disclosed customers' personal listening information to developers through metadata. Plaintiffs attach Exhibits E, F, G, and H to the complaint to support the allegation. The problem is that under both RIVRPA and MIPPPA, a violation only occurs when a customer's music selection is disclosed in connection with their personally identifying information. Plaintiffs' exhibits supplementing the complaint do not purport to disclose such information. For example, Exhibits E and F show websites where a developer posted claims regarding Apple giving developers access to metadata for every song in a customer's library (Compl. Exhs. E, F). The exhibits, however, do not show that Apple disclosed customers' personally identifying information as required under RIVRPA and MIPPPA. Exhibit F provides, "[w]ith that one line of code, you can get the full metadata for every song in a user's library without them ever knowing," but the exhibit does not state plaintiffs' names, addresses, or personally identifying information as part of the metadata anywhere (Compl. Exh. F at 2). Because the exhibits supplementing the complaint do not include plaintiffs' personally identifying information in connection with their music selection, the motion to dismiss this claim under Rhode Island and Michigan law is GRANTED.
Second, the complaint fails to provide sufficient factual support of the allegation that developers accessed customers' personal listening information associated with users via tokens. In plaintiffs' opposition to Apple's motion, plaintiffs cite In re Vizio, Inc. Consumer Privacy Litigation, 238 F.Supp. 3d 1204, 1225 (C.D. Cal. March 2, 2017) (Judge Josephine Staton) to show that they sufficiently stated a claim. There, the complaint specifically alleged that the defendant had disclosed customers' personally identifying information, including MAC addresses and IP addresses, in connection with their information on the same network. To support the plaintiffs' claim, the complaint in that case provided two case studies where researchers identified individuals based on the information provided. Id. at 1212.
Unlike the specified claim and evidence provided in In re Vizio, here, plaintiffs' complaint does not sufficiently state a claim nor furnish support for the claims. For example, the complaint says tokens "are capable of association with uniquely identifying information pertaining to individual users" (Compl. ¶ 63). Then the complaint goes on to provide a conclusory statement that "Apple readily possesses information reflecting each of the instances in which it has disclosured [sic] its customers' [p]ersonal [l]istening [i]nformation . . ." (ibid.). The complaint does not explain what a token is, how Apple discloses personal listening information to developers, or what information developers can access via a "token." The complaint does not provide enough facts for this order to infer that Apple is liable under this claim. As such, Apple's motion to dismiss this claim under Rhode Island and Michigan law is GRANTED.
Third, plaintiffs fail to establish standing as to their gifting claim in the complaint. "Named plaintiffs who represent a class must allege and show that they personally have been injured, not that injury has been suffered by other, unidentified members of the class to which they belong and purport to represent." Lewis v. Casey, 518 U.S. 343, 357 (1996). In plaintiffs' opposition to Apple's motion, plaintiffs cite to Melendres v. Arpaio, 784 F.3d 1254, 1262 (9th Cir. 2015) in arguing that even if the named plaintiffs are not injured themselves, they still have standing if they have "a direct and substantial interest." This may be true to a certain extent. But Melendres clarifies that this is only applicable when plaintiffs' claims "do not implicate a significantly different set of concerns than the unnamed plaintiffs' claims." Id. at 1263 (citations and internal quotations omitted). That is not the case here. Plaintiffs do not even sufficiently assert a claim as to gifting on behalf of themselves. The complaint fails to provide any evidence that anyone used the gifting function, let alone suffered an injury. The complaint merely describes the gifting function and then conclusively states "[p]laintiffs are informed and believe, and thereupon allege, that Apple has also sold, rented, transmitted, or otherwise disclosed its customers [p]ersonal [l]istening [i]nformation to third party data analytics . . ." (Compl. ¶¶ 64-65). Apple's motion to dismiss plaintiffs' claim as to gifting under Rhode Island and Michigan law is thus GRANTED.
3. UNJUST ENRICHMENT.
Apple also moves to dismiss plaintiffs' claim for unjust enrichment. For plaintiffs to claim unjust enrichment, both Rhode Island and Michigan state laws require the defendant to receive a benefit from the plaintiff, resulting in inequity because of the benefit. Karaus v. Bank of New York Mellon, 300 Mich. App. 9, 22-23 (2012); Dellagrotta v. Dellagrotta, 873 A.2d 101, 113 (R.I. 2005). The complaint alleges that Apple unjustly retained plaintiffs' iTunes purchase fees despite allegedly disclosing plaintiffs' personally identifying information along with their music selections under MIPPPA, RIVRPA, and common law of those states (Compl. ¶¶ 143-54). Plaintiffs' unjust enrichment claims depend, however, on Apple having disclosed their personal listening information. As explained above, plaintiffs' complaint has not sufficiently established that predicate. The motion to dismiss this claim is thus GRANTED.
CONCLUSION
For the reasons stated above, the motion to dismiss is GRANTED. Plaintiffs may move for leave to amend by NOVEMBER 14 AT NOON. Any such motion should include as an exhibit a redlined version of the proposed amendments that clearly identifies all changes from the initial complaint. This order highlights certain deficiencies in the initial complaint, but it will not necessarily be enough to add a sentence parroting each missing item identified herein. If plaintiffs so move, they should be sure to plead their best case. Any motion should explain how the proposed complaint overcomes all deficiencies, even those this order did not reach.
IT IS SO ORDERED. Dated: October 24, 2019.
/s/_________
WILLIAM ALSUP
UNITED STATES DISTRICT JUDGE