On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws.
The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and storing information contained in emails between Yahoo Mail and non-Yahoo Mail users violated the Federal Wiretap Act, the Stored Communications Act, California’s Invasion of Privacy Act, and the California Constitution. For these violations, the putative class of non-Yahoo Mail users seeks injunctive relief, declaratory relief, statutory damages, and disgorgement of Yahoo’s revenues related to the alleged practices.
The court’s order considered each cause of action, in turn:
Federal Wiretap Act: The court began its discussion with the alleged violation of the Federal Wiretap Act, which imposes liability for the intentional interception of electronic communications. 18 U.S.C. § 2511(1)(a). In seeking to dismiss the allegation, Yahoo advanced what is now a familiar argument: that the Wiretap Act did not apply to the case at hand because, at the time of their access and scanning, the emails in question were in storage, not in transit, and thus could not have been “intercepted.” The court rejected this argument as “premature” as Yahoo had not submitted any judicially noticeable evidence in support of its position. As a result, the court accepted the factual allegations in the complaint as true, including that the emails were, in fact, in transit at the time of access.
Yahoo fared better with its second argument in support of dismissal of the Wiretap Act claim: consent. Yahoo argued that it had obtained consent for its interception and email scanning by way of its Global Communications Additional Terms of Service (“ATOS”), agreed to by all Yahoo Mail users. The court reviewed the ATOS and found that, “[i]n light of the clarity of the language in the disclosure,” the ATOS did, indeed, establish explicit consent. The court thus ultimately dismissed Plaintiffs’ Wiretap Act claim with prejudice.
Stored Communications Act: The court turned next to Plaintiffs’ Stored Communications Act claim, which alleged that Yahoo improperly disclosed to third parties the content from scanned emails between Yahoo Mail users and non-users. Yahoo contended that Plaintiffs’ claims lacked the factual specificity required byTwombly because they failed to allege specific information about what content was shared, with whom, and for what purpose. The court rejected this argument and denied Yahoo’s motion to dismiss, finding instead that Plaintiffs various references to Yahoo’s sharing of email content with “third parties” was sufficient to survive the motion to dismiss.
California Invasion of Privacy Act: Yahoo’s argument in support of dismissal of the California Invasion of Privacy Act claim echoed its first argument regarding the Wiretap Act. As above, Yahoo argued that the California Invasion of Privacy claim should be dismissed on the grounds that the emails were in storage at the time of their access and scanning and, thus, could not have been intercepted. The argument was similarly rejected.
California Constitution: Finally, the court dismissed Plaintiffs’ claim under the California Constitution with leave to amend. In so doing, the court noted that the California Constitution sets a “high bar” for establishing an invasion of privacy claim. And that it is well-established under California law that there is no legally protected privacy interest or reasonable expectation of privacy in emails, generally. Thus, to allege a cause of action for invasion of privacy, Plaintiffs must have alleged that the emails intercepted included “confidential” or “sensitive” content, which they did not. The court found that Plaintiffs’ conclusory allegations that the emails were “private” fell far short of the factual specificity required and required dismissal of the claim.