Davis v. Facebook, Inc., No. 17-17486 (9th Cir. 2020)
Plaintiffs filed a consolidated complaint on behalf of themselves and a putative class of people, alleging that internal Facebook communications revealed that company executives were aware of the tracking of logged-out users and recognized that these practices posed various user-privacy issues.
The Ninth Circuit held that plaintiffs have standing to pursue their privacy claims under the Wiretap Act, the Stored Communications Act (SCA), and the California Invasion of Privacy Act (CIPA), as well as their claims for breach of contract and breach of the implied covenant of good faith and fair dealing. In this case, plaintiffs have adequately alleged that Facebook's tracking and collection practices would cause harm or a material risk of harm to their interest in controlling their personal information. Therefore, plaintiffs have sufficiently alleged a clear invasion of the historically recognized right to privacy. Furthermore, plaintiffs sufficiently alleged a state law interest whose violation constitutes an injury sufficient to establish standing to bring their claims for Computer Data Access and Fraud Act (CDAFA) violations and California common law trespass to chattels, fraud, and statutory larceny.
On the merits, the panel held that plaintiffs adequately stated claims for relief for intrusion upon seclusion and invasion of privacy under California law. Plaintiffs have also sufficiently alleged that Facebook's tracking and collection practices violated the Wiretap Act and CIPA. The panel held that the district court properly dismissed plaintiffs' SCA claims, because the allegations do not show that the communications were even in "storage," much less that the alleged "storage" within a URL toolbar falls within the SCA's intended scope. The district court also properly dismissed plaintiffs' breach of contract claim, because plaintiffs failed to adequately allege the existence of a contract. Finally, plaintiffs' claims for breach of the implied covenant of good faith and fair dealing were rejected.
Court Description: Standing / Privacy Law. The panel affirmed the district court’s dismissal of the Stored Communications Act (“SCA”), breach of contract, and breach of implied covenant claims; reversed the dismissal of the remaining claims; and remanded for further consideration, in an action alleging privacy-related claims against Facebook, Inc.
Facebook uses plug-ins to track users’ browsing histories when they visit third-party websites, and then compiles these browsing histories into personal profiles which are sold to advertisers to generate revenue. Plaintiffs filed an amended complaint on behalf of themselves and a putative class of people who had active Facebook accounts between May 27, 2010 and September 26, 2011. They alleged that Facebook executives were aware of the tracking of logged-out users and recognized that these practices posed various user-privacy issues.
As an initial matter, the panel held that plaintiffs had standing to bring their claims. Specifically, the panel held that plaintiffs adequately alleged an invasion of a legally protected interest that was concrete and particularized. As to the statutory claims, the panel held that the legislative history and statutory text demonstrated that Congress and the California legislature intended to protect these historical privacy rights when they passed the Wiretap Act, SCA, and the California Invasion of Privacy Act (“CIPA”). In addition, plaintiffs adequately alleged that Facebook’s tracking and collection practices would cause harm or a material risk to their interest in controlling their personal information. Accordingly, plaintiffs sufficiently alleged a clear invasion of their right to privacy, and plaintiffs had standing to pursue their privacy claims under these statutes.
IN RE FACEBOOK, INC. INTERNET TRACKING LITIG.
* The Honorable Kathryn H. Vratil, United States District Judge for the District of Kansas, sitting by designation.
As to plaintiffs’ alleged theories of California common law trespass to chattels and fraud, statutory larceny, and violations of the Computer Data Access and Fraud Act, the panel held that plaintiffs sufficiently alleged a state law interest whose violation constituted an injury sufficient to establish standing to bring their claims. Because California law recognizes a legal interest in unjustly earned profits, plaintiffs adequately pled an entitlement to Facebook’s profits from users’ data sufficient to confer Article III standing. Plaintiffs also sufficiently alleged that Facebook profited from this valuable data.
Turning to the merits, the panel held that plaintiffs adequately stated claims for relief for intrusion upon seclusion and invasion of privacy under California law. First, the panel held that in light of the privacy interests and Facebook’s allegedly surreptitious and unseen data collection, plaintiffs adequately alleged a reasonable expectation of privacy to survive a Fed. R. Civ. P. 12(b)(6) motion to dismiss. Second, plaintiffs identified sufficient facts to survive a motion to dismiss on the ultimate question of whether Facebook’s tracking and collection practices could highly offend a reasonable individual.
The panel held that plaintiffs sufficiently alleged that Facebook’s tracking and collection practices violated the Wiretap Act and CIPA. Both statutes contain an exemption from liability for a person who is a “party” to the communication. Noting a circuit split, the panel adopted the First and Seventh Circuits’ understanding that simultaneous unknown duplication and communication of GET requests did not exempt Facebook from liability under the party exception. The panel concluded that Facebook was not exempt from liability as a matter of law under the Wiretap Act or CIPA, and did not opine whether plaintiffs adequately pleaded the other requisite elements of the statutes.
The panel held that the district court properly dismissed plaintiffs’ claims under the SCA, which required plaintiffs to plead that Facebook gained unauthorized access to a “facility” where it accessed electronic communications in “electronic storage.” The panel agreed with the district court’s determination that plaintiffs’ data was not in electronic storage. The panel concluded that plaintiffs’ claims for relief under the SCA were insufficient.
The panel held that the district court properly dismissed plaintiffs’ breach of contract claim for failure to state a claim. Plaintiffs alleged that Facebook entered into a contract with each plaintiff consisting of the Statement of Rights and Responsibilities, Privacy Policy, and relevant Help Center pages. The panel held that plaintiffs failed to adequately allege the existence of a contract that was subject to breach. The panel also held that the district court properly dismissed plaintiffs’ claim that Facebook’s tracking practices violated the implied covenant of good faith and fair dealing, where the allegations did not go beyond the asserted breach of contract theories.