Wheaton et al v. Apple Inc., No. 3:2019cv02883 - Document 62 (N.D. Cal. 2019)
Court Description: ORDER GRANTING MOTION TO DISMISS by Judge William Alsup [granting 37 Motion to Dismiss]. Plaintiffs may move for leave to amend by NOON on 11/14/2019. (whasec, COURT STAFF) (Filed on 10/25/2019)
Download PDF
<![CDATA[
Wheaton et al v. Apple Inc. Doc. 62 1 2 3 4 5 6 IN THE UNITED STATES DISTRICT COURT 7 FOR THE NORTHERN DISTRICT OF CALIFORNIA 8 9 11 For the Northern District of California United States District Court 10 12 LEIGH WHEATON; JILL PAUL; and TREVOR PAUL, individually and on behalf of all others similarly situated, Plaintiffs, 13 14 15 16 No. C 19-02883 WHA v. ORDER GRANTING MOTION TO DISMISS APPLE INC., Defendant. / 17 18 19 20 21 22 23 24 25 26 27 28 INTRODUCTION In this putative class action, plaintiffs bring claims under Rhode Island and Michigan law for selling, renting, transmitting, or disclosing a customer’s information without consent. Defendant moves to dismiss under Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6). This order GRANTS defendant’s motion to dismiss. STATEMENT Defendant Apple Inc. is a Delaware corporation with its principal place of business in Cupertino, California. One of Apple’s services is selling and distributing digital music via its iTunes Store mobile application. The iTunes Store application comes pre-installed on customers’ iPhones. An Apple customer can purchase music from the iTunes store. The music is then stored in their device’s Apple Music libraries. A customer’s personal listening Dockets.Justia.com 1 information, found in their Apple Music libraries, includes their full name and home address 2 along with genres and in some cases, the specific music titles they purchased (Compl. ¶¶ 3, 16). For the Northern District of California United States District Court 3 Plaintiff Leigh Wheaton is a citizen and resident of Rhode Island. Plaintiffs Jill Paul 4 and Trevor Paul are citizens and residents of Michigan. Over the past three years, plaintiffs all 5 purchased music from Apple via its iTunes Store. Plaintiffs allege that during this time, without 6 their notice and consent, Apple sold, rented, transmitted, and disclosed their personal listening 7 information to third parties. Plaintiffs allege that Apple disclosed this information to two 8 groups: (1) data brokers, data appenders, data aggregators, data miners, and other third parties, 9 who then supplemented the personal listening information with additional sensitive personal 10 information such as, age, gender, education, household income, purchasing habits; and (2) iOS 11 mobile application developers, who in turn sold and disclosed the information to other third 12 parties. 13 The complaint categorizes the purported disclosures to iOS mobile application 14 developers into three methods: (1) developers access to metadata; (2) tokens; and (3) gifting 15 functionality. Under the first method, plaintiffs allege developers could extract customers’ 16 iTunes music libraries metadata and link customers’ individual identities to the data. Under the 17 second method, plaintiffs contend Apple allowed developers to readily access customers’ 18 “tokens,” which could be associated with personally identifying information. Under the third 19 method, plaintiffs argue that Apple disclosed personal listening information to other customers. 20 Specifically, when a customer attempted to gift a song to another customer, iTunes would tell the 21 purchaser if the recipient had already purchased the song, thereby revealing the recipient’s name 22 and earlier music selection (Compl. ¶¶ 45–83). 23 As a result of Apple’s alleged failure to protect customers’ private information, plaintiffs 24 claim (1) overpayment; (2) loss of value of their personal listening information; (3) unwarranted 25 junk mail and telephone solicitations; and (4) risk of identity theft (Compl. ¶¶ 44, 68, 117–19, 26 138–42). 27 28 Based on the allegations, plaintiffs bring three claims against Apple: (1) violation of Rhode Island’s Video, Audio, and Publication Rentals Privacy Act; (2) violation of Michigan’s 2 1 Preservation of Personal Privacy Act; and (3) unjust enrichment (Compl. ¶¶ 98–154). 2 Apple moves to dismiss this complaint in full. This order follows full briefing and oral argument 3 (Dkt. Nos. 37, 50, 51). ANALYSIS For the Northern District of California United States District Court 4 5 Apple moves to dismiss plaintiffs’ complaint on the grounds that plaintiffs do not allege 6 damages under the Michigan state law as recently amended, lack standing under Rule 12(b)(1), 7 and fail to state their claims under Rule 12(b)(6). 8 1. STATE STATUTE APPLICATION. 9 Plaintiffs’ complaint alleges violations of two state statutes: the Rhode Island Video, 10 Audio, and Publication Rentals Privacy Act and the Michigan Preservation of Personal Privacy 11 Act. RIVRPA states in pertinent part: 15 It shall be unlawful for any person to reveal, transmit, publish, or disseminate in any manner, any records which would identify the names and addresses of individuals with the titles or nature of video films, records, cassettes, or the like, which they purchased, leased, rented, or borrowed, from libraries, book stores, video stores, or record and cassette shops or any retailer or distributor of those products . . . . 16 R.I. Gen. Laws § 11-18-32(a). In other words, for a defendant to be liable under RIVRPA, they 17 must disclose a customer’s record which identifies their name and address in connection with the 18 titles of the content in question. Apple moves to dismiss plaintiffs’ RIVRPA claim, but no 19 dispute exists as to the application of RIVRPA. 12 13 14 20 21 22 23 24 25 26 27 The parties debate, however, whether the amended or unamended version of the MIPPPA applies. The unamended MIPPPA, effective November 7, 1989–July 30, 2016, stated: [A] person, or an employee or agent of the person, engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings shall not disclose to any person, other than the customer, a record or information concerning the purchase, lease, rental, or borrowing of those materials by a customer that indicates the identity of the customer . . . . [A] person who violates this act shall be liable in a civil action for damages to the customer identified in a record or other information that is disclosed in violation of this act. The customer may bring a civil action against the person and may recover both of the following: (a) Actual damages, including 28 3 1 damages for emotional distress, or $5,000.00, whichever is greater. (b) Cost and reasonable attorney fees . . . . 2 3 The amended MIPPPA, effective July 31, 2016, states: [A] person, or an employee or agent of the person, engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, or video recordings shall not knowingly disclose to any person, other than the customer, a record or information concerning the that personally identifies the customer as having purchased, leased, rented, or borrowed those materials from the person engaged in the business . . . . [A] customer described in subsection (1) who suffers actual damages as a result of a violation of this act may bring a civil action against the person that violated this act and may recover both of the following: (a) The customer’s actual damages, including damages for emotional distress. (b) Reasonable costs and attorney fees . . . . 4 5 6 7 8 For the Northern District of California United States District Court 9 10 M.C.L.A §§ 445.1712–445.1715. Three key differences exist between the versions: (1) the 11 unamended version stated that a violation requires disclosure of material that “indicates the 12 identity of the customer”; whereas, the amended version specifies that a violation requires 13 disclosure of information that “personally identifies the customer”; (2) the amended version 14 requires customers to first suffer actual damages before bringing a claim; and (3) the unamended 15 version allowed a customer to recover actual damages, including damages for emotional distress, 16 or $5,000.00, whichever was greater; whereas, the amended version limits recovery to actual 17 damages. 18 This order holds that for all future litigation on this matter — under the current facts — 19 the unamended MIPPPA governs because the statute does not apply retroactively and the date of 20 the claim accrual determines the amendment’s applicability. Apple cites to the legislative 21 history in arguing that the amended version applies retroactively because the amendment is 22 curative and intended to clarify the unamended version. The legislative history provides in 23 pertinent part: 24 25 26 27 The amendatory act is curative and intended to clarify that the prohibitions on disclosing information contained in [the unamended MIPPPA], do not prohibit disclosing information if it is incident to the ordinary course of business of the person disclosing the information . . . and that a civil action for a violation of those prohibitions may only be brought by a customer who has suffered actual damages as a result of the violation. 28 4 1 S.B. 490, 98th Leg., Reg. Sess., P.A. No. 92 (Mich. 2016). The United States Court of Appeals 2 for the Sixth Circuit, however, found that for MIPPPA to apply retroactively, the amended 3 version must provide clear language of such legislative intent. The amended MIPPPA and the 4 legislative history do not contain any express statement of intended retroactivity. Therefore, the 5 amended MIPPPA does not apply retroactively. Coulter-Owens v. Time Inc., 695 F.App’x. 117, 6 121 (6th Cir. 2017). For the Northern District of California United States District Court 7 Alternatively, Apple cites to Raden v. Martha Stewart Living Omnimedia, Inc., 2017 8 WL 3085371, at *4 (E.D. Mich. July 20, 2017) (Judge Linda Parker) to argue that even if 9 MIPPPA does not apply retroactively, the amended version applies because the date of filing 10 the complaint determines the amendment’s applicability. This argument fails. Several other 11 Michigan decisions have held that the date of accrual, rather than the date of filing the complaint, 12 governs. Horton v. Gamestop Corp., 380 F.Supp. 3d 679, 683 (W.D. Mich. Sept. 28, 2018) 13 (Judge Gordon Quist); Hill v. Gen. Motors Acceptance Corp., 207 Mich. App. 504, 513–14 14 (1994); In re Certified Question from United States Court of Appeals for Ninth Circuit (Deacon 15 v. Pandora Media, Inc.), 499 Mich. 477, 483 n.7 (2016). Raden was an outlier. In Horton, the 16 district court found that the unamended version of the MIPPPA may be applied if the plaintiff 17 accrued the claims prior to the effective date of the amendment regardless of the fact that the 18 plaintiff filed the complaint nearly two years after the amendment took place. Id. at 682. 19 The facts in Horton mirror the facts in this action. Plaintiffs filed their complaint years after 20 the amended version was already in effect, but plaintiffs claim injury between May 24, 2016, 21 and July 30, 2016 — before the amended MIPPPA took effect. Thus, the unamended MIPPPA 22 applies. 23 The complaint does not need to state actual damages before bringing claims against 24 Apple under the unamended MIPPPA (though the Rule 26(a) initial disclosure must do so). 25 Accordingly, this order will not address whether plaintiffs’ damages are sufficient under 26 Rule 12(b)(1) or Rule 12(b)(6). 27 28 5 For the Northern District of California United States District Court 1 2. APPLE’S MOTION TO DISMISS. 2 To survive a motion to dismiss, a complaint must plead “enough facts to state a claim 3 to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). 4 A claim has facial plausibility when it pleads factual content that allows the court to draw the 5 reasonable inference that the defendant is liable for the misconduct alleged. Ashcroft v. Iqbal, 6 556 U.S. 662, 678 (2009). When ruling on a motion to dismiss, a court may generally consider 7 only allegations in the pleadings, attached exhibits, and matters properly subject to judicial 8 notice. For purposes of ruling on a motion to dismiss, all well-pled material allegations of the 9 complaint are accepted as true and the complaint must be construed in favor of the complaining 10 party. Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1030–31 (9th Cir. 2008). 11 Conclusory allegations or “formulaic recitation of the elements” of a claim, however, are not 12 entitled to the presumption of truth. Iqbal, 556 U.S. at 681. 13 Plaintiffs use the term “personal listening information” throughout their complaint to 14 refer to a customer’s full name and address in connection with their music selection purchases. 15 Neither RIVRPA nor MIPPPA uses the term. Plaintiffs’ counsel, rather, invented the term for 16 purposes of this case. RIVRPA only imposes liability on Apple if it discloses a customer’s name 17 and address with their music selection information. Under the unamended MIPPPA, to hold 18 Apple liable, the information disclosed must indicate a customer’s identity in connection with 19 their music selection. 20 21 A. Third-Party Data Brokers and Similar Entities. The complaint fails to plausibly allege with enough facts that Apple disclosed plaintiffs’ 22 personal listening information to third-party data brokers and similar entities, which caused 23 plaintiffs overpayment, loss of value in personal information, unwarranted junk mail, and risk 24 of identity theft. 25 The complaint depends on the attached Exhibits C and D as facts to support plaintiffs’ 26 claim. None of it plausibly shows that Apple disclosed plaintiffs’ personal listening information. 27 For example, the complaint cites to Exhibit C to support the claim. The complaint alleges that 28 Exhibit C is a listing by a third-party data broker selling customers’ names, addresses, and 6 1 personal listening information. Exhibit C does not provide sufficient facts to support this 2 argument. Plaintiffs, in their opposition to Apple’s motion, emphasize that the mail icon in the 3 exhibit includes names and addresses. Yet, the mail icon does not explicitly disclose any names, 4 addresses, or personally identifying information of customers. It is merely a picture of an 5 envelope. The complaint fails to explain anything about clicking on the icon. Without more 6 information, which was surely available to counsel, this order will not speculate that the mail 7 icon explicitly would lead to Apple customers’ names and addresses (Compl. ¶ 47; Compl. 8 Exh. C). For the Northern District of California United States District Court 9 The complaint also cites to Exhibit D, which it alleges is a listing by another third-party 10 data broker selling Apple customers’ personal listening information (Compl. ¶ 50; Compl. 11 Exh. D). Exhibit D, however, does not sufficiently support plaintiffs’ claim because the exhibit 12 fails to mention the third-party data broker name, Apple, or even iTunes. Thus, the exhibit does 13 not show that Apple disclosed customers’ personal listening information. Apple’s motion to 14 dismiss as to the third-party data brokers under Rhode Island and Michigan law is GRANTED. 15 16 B. IOS Mobile Application Developers. The complaint also does not provide enough facts to plausibly show that Apple disclosed 17 plaintiffs’ identities in connection with their music selection information to iOS mobile 18 application developers for any of the three methods: (1) metadata; (2) tokens; and (3) gifting. 19 First, the complaint alleges that Apple disclosed customers’ personal listening 20 information to developers through metadata. Plaintiffs attach Exhibits E, F, G, and H to the 21 complaint to support the allegation. The problem is that under both RIVRPA and MIPPPA, 22 a violation only occurs when a customer’s music selection is disclosed in connection with their 23 personally identifying information. Plaintiffs’ exhibits supplementing the complaint do not 24 purport to disclose such information. For example, Exhibits E and F show websites where a 25 developer posted claims regarding Apple giving developers access to metadata for every song 26 in a customer’s library (Compl. Exhs. E, F). The exhibits, however, do not show that Apple 27 disclosed customers’ personally identifying information as required under RIVRPA and 28 MIPPPA. Exhibit F provides, “[w]ith that one line of code, you can get the full metadata 7 1 for every song in a user’s library without them ever knowing,” but the exhibit does not state 2 plaintiffs’ names, addresses, or personally identifying information as part of the metadata 3 anywhere (Compl. Exh. F at 2). Because the exhibits supplementing the complaint do not 4 include plaintiffs’ personally identifying information in connection with their music selection, 5 the motion to dismiss this claim under Rhode Island and Michigan law is GRANTED. For the Northern District of California United States District Court 6 Second, the complaint fails to provide sufficient factual support of the allegation that 7 developers accessed customers’ personal listening information associated with users via tokens. 8 In plaintiffs’ opposition to Apple’s motion, plaintiffs cite In re Vizio, Inc. Consumer Privacy 9 Litigation, 238 F.Supp. 3d 1204, 1225 (C.D. Cal. March 2, 2017) (Judge Josephine Staton) to 10 show that they sufficiently stated a claim. There, the complaint specifically alleged that the 11 defendant had disclosed customers’ personally identifying information, including MAC 12 addresses and IP addresses, in connection with their information on the same network. 13 To support the plaintiffs’ claim, the complaint in that case provided two case studies where 14 researchers identified individuals based on the information provided. Id. at 1212. 15 Unlike the specified claim and evidence provided in In re Vizio, here, plaintiffs’ 16 complaint does not sufficiently state a claim nor furnish support for the claims. For example, 17 the complaint says tokens “are capable of association with uniquely identifying information 18 pertaining to individual users” (Compl. ¶ 63). Then the complaint goes on to provide a 19 conclusory statement that “Apple readily possesses information reflecting each of the instances 20 in which it has disclosured [sic] its customers’ [p]ersonal [l]istening [i]nformation . . .” (ibid.). 21 The complaint does not explain what a token is, how Apple discloses personal listening 22 information to developers, or what information developers can access via a “token.” 23 The complaint does not provide enough facts for this order to infer that Apple is liable under 24 this claim. As such, Apple’s motion to dismiss this claim under Rhode Island and Michigan law 25 is GRANTED. 26 Third, plaintiffs fail to establish standing as to their gifting claim in the complaint. 27 “Named plaintiffs who represent a class must allege and show that they personally have been 28 injured, not that injury has been suffered by other, unidentified members of the class to which 8 For the Northern District of California United States District Court 1 they belong and purport to represent.” Lewis v. Casey, 518 U.S. 343, 357 (1996). In plaintiffs’ 2 opposition to Apple’s motion, plaintiffs cite to Melendres v. Arpaio, 784 F.3d 1254, 1262 3 (9th Cir. 2015) in arguing that even if the named plaintiffs are not injured themselves, they still 4 have standing if they have “a direct and substantial interest.” This may be true to a certain 5 extent. But Melendres clarifies that this is only applicable when plaintiffs’ claims “do not 6 implicate a significantly different set of concerns than the unnamed plaintiffs’ claims.” Id. at 7 1263 (citations and internal quotations omitted). That is not the case here. Plaintiffs do not even 8 sufficiently assert a claim as to gifting on behalf of themselves. The complaint fails to provide 9 any evidence that anyone used the gifting function, let alone suffered an injury. The complaint 10 merely describes the gifting function and then conclusively states “[p]laintiffs are informed and 11 believe, and thereupon allege, that Apple has also sold, rented, transmitted, or otherwise 12 disclosed its customers [p]ersonal [l]istening [i]nformation to third party data analytics . . .” 13 (Compl. ¶¶ 64–65). Apple’s motion to dismiss plaintiffs’ claim as to gifting under Rhode Island 14 and Michigan law is thus GRANTED. 15 3. 16 Apple also moves to dismiss plaintiffs’ claim for unjust enrichment. For plaintiffs to 17 claim unjust enrichment, both Rhode Island and Michigan state laws require the defendant to 18 receive a benefit from the plaintiff, resulting in inequity because of the benefit. Karaus v. Bank 19 of New York Mellon, 300 Mich. App. 9, 22–23 (2012); Dellagrotta v. Dellagrotta, 873 A.2d 101, 20 113 (R.I. 2005). The complaint alleges that Apple unjustly retained plaintiffs’ iTunes purchase 21 fees despite allegedly disclosing plaintiffs’ personally identifying information along with their 22 music selections under MIPPPA, RIVRPA, and common law of those states (Compl. ¶¶ 143–54). 23 Plaintiffs’ unjust enrichment claims depend, however, on Apple having disclosed their personal 24 listening information. As explained above, plaintiffs’ complaint has not sufficiently established 25 that predicate. The motion to dismiss this claim is thus GRANTED. 26 27 28 UNJUST ENRICHMENT. CONCLUSION For the reasons stated above, the motion to dismiss is GRANTED. Plaintiffs may move for leave to amend by NOVEMBER 14 AT NOON. Any such motion should include as an exhibit 9 1 a redlined version of the proposed amendments that clearly identifies all changes from the 2 initial complaint. This order highlights certain deficiencies in the initial complaint, but it will 3 not necessarily be enough to add a sentence parroting each missing item identified herein. 4 If plaintiffs so move, they should be sure to plead their best case. Any motion should explain 5 how the proposed complaint overcomes all deficiencies, even those this order did not reach. 6 7 IT IS SO ORDERED. 8 9 Dated: October 24, 2019. WILLIAM ALSUP UNITED STATES DISTRICT JUDGE 11 For the Northern District of California United States District Court 10 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 10
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
