Judge: Bruce G. Iwasaki, Case: 23STCV28124, Date: 2024-02-01 Tentative Ruling

Case Number: 23STCV28124    Hearing Date: February 1, 2024    Dept: 58

Judge Bruce G. Iwasaki

Department 58

Hearing Date:             February 1, 2024

Case Name:                Heiting v. Postable, LLC

Case No.:                    23STCV28124

Matter:                        Demurrer

Moving Party:             Defendant Postable, LLC

Responding Party:      Plaintiff Anne Heiting

Tentative Ruling:      The Demurrer to the Complaint is sustained.

            Plaintiff Anne Heiting (Plaintiff) alleges that she accessed the website of Postable, LLC (Defendant), used the site’s chat box feature, and that Defendant invaded her privacy by allowing a third-party company, Intercom, to secretly “eavesdrop” and “record” the data she furnished. The Complaint alleges a single cause of action for violations of the California Invasion of Privacy Act (CIPA), Penal Code section 631, subdivision (a).

On December 20, 2023, Defendant demurred to the Complaint. Plaintiff filed an opposition to the demurrer.

            The Court sustains the demurrer and grants leave to amend.  

Legal Standard for Demurrers

A demurrer is an objection to a pleading, the grounds for which are apparent from either the face of the complaint or a matter of which the court may take judicial notice. (Code Civ. Proc. § 430.30, subd. (a); see also Blank v. Kirwan (1985) 39 Cal.3d 311, 318.) The purpose of a demurrer is to challenge the sufficiency of a pleading “by raising questions of law.” (Postley v. Harvey (1984) 153 Cal.App.3d 280, 286.) “In the construction of a pleading, for the purpose of determining its effect, its allegations must be liberally construed, with a view to substantial justice between the parties.” (Code Civ. Proc., § 452.) The court “ ‘ “treat[s] the demurrer as admitting all material facts properly pleaded, but not contentions, deductions or conclusions of fact or law . . . .” ’ ”  (Berkley v. Dowds (2007) 152 Cal.App.4th 518, 525.) In applying these standards, the court liberally construes the complaint to determine whether a cause of action has been stated. (Picton v. Anderson Union High School Dist. (1996) 50 Cal.App.4th 726, 733.)

Cause of Action for Violations of the California Invasion of Privacy Act (Penal Code section 631, subdivision (a):

             Defendant argues the this cause of action fails to allege facts sufficient to state a claim.

            Penal Code section 631, subdivision (a), provides that a person who does any of the following has acted in violation of California’s Invasion of Privacy Act (CIPA):

“Any person who, by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraph or telephone wire, line, cable, or instrument, including the wire, line, cable, or instrument of any internal telephone communication system,

or

who willfully and without the consent of all parties to the communication, or in any unauthorized manner, reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state;

or

who uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained,

or

who aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above.” (Pen. Code, § 631, subd. (a) [line breaks added].)  

            The statute “prescribes ... penalties for three distinct and mutually independent patterns of conduct: intentional wiretapping, willfully attempting to learn the contents or meaning of a communication in transit over a wire, and attempting to use or communicate information obtained as a result of engaging in either of the two previous activities.” (Tavernetti v. Super. Ct. (1978) 22 Cal. 3d 187, 192.)

            More specifically, the first clause creates a violation if a person “by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps or makes any unauthorized connection with any telegraph or telephone wire, line, cable, or instrument ....” (Swarts v. Home Depot, Inc. (N.D. Cal., Aug. 30, 2023, No. 23-CV-0995-JST) 2023 WL 5615453, at *5.) The second clause creates a violation where a person “willfully and without consent of all parties to the communication, or in any unauthorized manner reads or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit.” (Id.) The third clause creates a violation where a person “uses, or attempts to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained” as outlined in the first two clauses. (Id.)

Finally, in addition to these three clauses, section 631 also contains an aiding and abetting provision, which imposes liability on anyone who “aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above.” (Id.)

Here, the Complaint alleges that Plaintiff was browsing Defendant’s website, postable.com, and interacted with a chat box on the site. (Compl., ¶¶ 5, 8.) The Complaint further alleges that Defendant recorded Plaintiff’s conversation and employs a third-party company, Intercom, to eavesdrop in real time, harvest and commoditize Plaintiff’s personal information through her interaction with a chat box. (Compl., ¶¶ 9-14.) Plaintiff alleges that Defendant’s failure to disclose its use of Intercom as a service provider violates CIPA, because “Defendant did not obtain Plaintiff’s express or implied consent to wiretap or allow third parties to eavesdrop on visitor conversations.” (Compl., ¶ 15.)

            Defendant argues these allegations fail as matter of law. The statue has four clauses; the first three clauses are premised on direct liability while the last is premised on derivative—or aiding and abetting—liability.

            With respect to the first three clauses, Plaintiff’s claims of liability fail against Defendant under the “party exception” rule.

            CIPA contains an exemption from liability for a person who was a “party” to a communication. (Ribas v. Clark (1985) 38 Cal.3d 355, 359; Warden v. Kahn (1979) 99 Cal.App.3d 805, 811 [“[S]ection 631 ... has been held to apply only to eavesdropping by a third party and not to recording by a participant to a conversation.”].)

            Here, the Complaint alleges that that “[d]uring a browsing session” on Defendant’s website she “utilized the chat box feature” and she “was not informed that her conversations were being recorded and exploited for commercial surveillance purposes without her consent.” (Compl., ¶ 8.)

Plaintiff insists that the party exception rule does not apply here but merely argues that the “aiding and abetting” clause could apply to Defendant. But this elides the point that, based on the Complaint, Defendant was a party to the communication.

Defendant argues that none of the of the direct liability clauses of Section 631 apply because Defendant cannot eavesdrop on its own conversation.

            Defendant also argues the derivative liability for “aiding and abetting” does not apply. The Complaint fails to allege a CIPA violation because the allegations show only that Intercom was a third-party tool that was utilized by Defendant as a mere extension of its own operations.

            The allegations do not show that Intercom was anything other than a third-party tool that was utilized by Defendant as a mere extension of its own operations.  

            Numerous courts that have held that the statute requires plaintiffs to allege facts indicating that the third party is recording the customers’ information “for some use or potential future use beyond simply supplying this information back to Defendant.” (Cody v. Boscov's, Inc. (C.D. Cal. 2023) 658 F.Supp.3d 779, 782 [dismissing with leave to amend claim for aiding wiretapping where Plaintiff's only allegation related to the software providers was that they “harvest valuable data from such [customer] communications for the benefit of their clients like Defendant”].) “One is not considered a third-party eavesdropper when they merely provide a tool that allows another party to record and analyze its own data.” (Nora Gutierrez v. Converse Inc. (C.D. Cal., Oct. 27, 2023, No. 223CV06547RGKMAR) 2023 WL 8939221, at *3.)[1]

            Here, the Complaint alleges that Defendant “collects a wide range of personal information from website users and consumers, including personal identifiers, device information, browser information, operating system information, location details; such as GPS address and IP address, and may deduce additional demographic details like gender and age; various details about website usage such as date and time the user accessed the website; social media information, inferences and other information.” (Compl., ¶ 12.)[2] The Complaint alleges that Intercom “shares the data it collects and stores with [Defendant] who adds the data to the existing profiles it has surreptitiously collected from its users.” (Compl., ¶ 12.)

            These allegations are inadequate to show that Intercom was recording the information for its own benefit.

            The Complaint also alleges that Intercom “stores [the data] for its own purposes.” (Compl., ¶ 10.) However, this allegation is entirely conclusory and lacking in any ultimate facts. (See e.g., Cody v. Boscov's, Inc. (C.D. Cal. 2023) 658 F.Supp.3d 779, 782–783 [“Here, Plaintiff's sole relevant allegation that Webex and Customer use the code embedded in the chat program to “harvest valuable data from such [customer] communications for the benefit of their clients like Defendant” [Dkt. 12 at ¶ 11] is too vague and conclusory to meet this standard.”]; see also Byars v. Hot Topic, Inc. (C.D. Cal. 2023) 656 F.Supp.3d 1051, 1067.)

            Paragraph 14 of the Complaint avers that Plaintiff believed she was communicating with Defendant.  Parties to a conversation cannot eavesdrop on their own conversation. (Heiting v. Taro Pharmaceuticals USA, Inc. (C.D. Cal. Dec. 26, 2023, No. 2:23-cv-08002-SPG-E) 2023 WL 9319049 at*1-2 [“Plaintiff alleges that she used the chat feature on Defendant’s website believing that she was chatting with Defendant. Therefore, any recording by Defendant directly, as opposed to vicariously …would fall squarely within the party exception”].) 

            Additionally, Plaintiff has failed to allege ultimate facts that the third-party chat provider had the capability to use the customer chat information for some independent purpose. (See Valenzuela v. Super Bright LEDs Inc. (C.D. Cal., Nov. 27, 2023, No. EDCV2301148JAKSPX) 2023 WL 8424472, at *7 [following the analysis in Javier v. Assurance IQ, LLC (N.D. Cal. 2023) 649 F.Supp.3d 891, 900].)

            The Complaint fails to demonstrate that Defendant used third-party vendor, Intercom, as a “third-party eavesdropper.” Rather, the allegations show nothing more than Defendant using Intercom to aid Defendant’s business and not for some other purpose – which makes the Intercom a mere “extension” of Defendant's website. (Byars v. Hot Topic, Inc., supra, 656 F.Supp.3d at 1068 [“Plaintiff does not allege a single fact that suggests the third-party ‘intercepted and used the data itself.’”].)

            Defendant also demurs to this cause of action on the grounds that Plaintiff fails to allege a CIPA violation because Intercom was not reading customer chats – like Plaintiff’s chat – in real time.

            As noted above, the second clause of section 631, subdivision (a), requires that messages be intercepted while in transit. (Licea v. American Eagle Outfitters, Inc. (C.D. Cal. 2023) 659 F.Supp.3d 1072, 1084-1085.) Courts under the CIPA have interpreted “in transit” to mean the party intercepted the communication during its transmission, rather than once it was placed in electronic storage. (Id.  at 1084.)

            Here, Plaintiff only alleges that the Intercom “intercepts” inquiries made by customers and diverts them to Intercom, allowing to the to eavesdrop “in real time.” (Compl., ¶¶ 9, 13.) These conclusory allegations are insufficient to state a claim. (Licea v. American Eagle Outfitters, Inc., supra, 659 F.Supp.3d at 1084 [“Plaintiff's bare allegations that “the third party ... secretly intercept[s] (during transmission and in real time)” is conclusory and does not allege specific facts as to how or when the interception takes place, which has been found to fall short of stating a plausible claim under section 631(a).”].)

            Plaintiff Heiting’s Complaint – long on hyperbole and short on facts – fails to plead a cause of action under section 631. The demurrer is sustained.

Conclusion

The demurrer is sustained. Plaintiff shall have leave to amend. The amended complaint shall be served and filed on or before March 1, 2024.