Judge Daniel S. Murphy, Case Number: 24STCV00914, Date: 2024-06-03 Tentative Ruling

On January 12, 2024, Plaintiff Anne Heiting filed this action against Defendant Thryv, Inc., asserting a single cause of action for invasion of privacy in violation of Penal Code section 631.

The complaint alleges that “Defendant has engaged in deceptive practices by surreptitiously implanting code on its website allowing for the unauthorized recording and creation of transcripts of private conversations.” (Compl. ¶ 11.) Specifically, “Defendant has entered into financial agreements with intercom.com (‘Intercom’) to embed code into Defendant's website chat function. This code enables Intercom to covertly intercept and monitor a website visitor's chat conversation in real-time, without their knowledge or consent.” (Ibid.) The information gathered from these chats allegedly include a user’s “IP address, geolocation, browsing history, and search history.” (Id., ¶ 14.) The complaint alleges that Defendant aided and abetted Intercom’s illegal conduct. (Id., ¶ 24 [citing Pen. Code, § 631(a)].)

On March 15, 2024, Defendant filed the instant demurrer to the complaint. Plaintiff filed her opposition on May 20, 2024. Defendant filed its reply on May 24, 2024.

A demurrer for sufficiency tests whether the complaint states a cause of action. (Hahn v. Mirda (2007) 147 Cal.App.4th 740, 747.) When considering demurrers, courts read the allegations liberally and in context. (Taylor v. City of Los Angeles Dept. of Water and Power (2006) 144 Cal.App.4th 1216, 1228.) In a demurrer proceeding, the defects must be apparent on the face of the pleading or by proper judicial notice. (Code Civ. Proc., § 430.30, subd. (a).) A demurrer tests the pleadings alone and not the evidence or other extrinsic matters. (SKF Farms v. Superior Court (1984) 153 Cal.App.3d 902, 905.) Therefore, it lies only where the defects appear on the face of the pleading or are judicially noticed. (Ibid.) The only issue involved in a demurrer hearing is whether the complaint, as it stands, unconnected with extraneous matters, states a cause of action. (Hahn, supra, 147 Cal.App.4th at 747.)

Before filing a demurrer or a motion to strike, the demurring or moving party is required to meet and confer with the party who filed the pleading demurred to or the pleading that is subject to the motion to strike for the purposes of determining whether an agreement can be reached through a filing of an amended pleading that would resolve the objections to be raised in the demurrer. (Code Civ. Proc., §§ 430.41, 435.5.) The Court notes that Defendant has complied with the meet and confer requirement. (See Murphy Decl.)

Penal Code section 631(a) proscribes four types of conduct stemming from wiretapping: (1) where a person intentionally taps or makes an unauthorized connection with any telephone wire, line, cable, or instrument; (2) where a person willfully and without consent reads, or attempts to learn, the contents of a communication in transit or passing over any wire, line, or cable, or is being sent from or received at any place within the state; (3) where a person uses, or attempts to use, any information so obtained; and (4) where a person aids, agrees with, employs, or conspires with any person to do any of the acts mentioned above. (Yoon v. Lululemon United States (C.D.Cal. 2021) 549 F.Supp.3d 1073, 1080.) In this case, Plaintiff relies on the fourth prong—aiding and abetting. (Compl. ¶ 24.) Defendant does not challenge the aiding and abetting allegations. Thus, the primary issue is whether Plaintiff has sufficiently alleged an underlying violation by Intercom, addressed below.

“Any person who has been injured by a violation of this chapter may bring an action against the person who committed the violation.” (Pen. Code, § 637.2(a).) Defendant argues that Plaintiff lacks standing because she never used the chat feature. This is a factual issue not suitable for demurrer. It cannot be determined as a matter of law from the pleadings alone that Plaintiff did not use the chat feature.

The complaint contains the following allegations which support a reasonable inference that Plaintiff did use the chat feature: “The chats that users like Plaintiff believe are taking place on Defendant’s website are really taking place on Intercom” (Compl. ¶ 12); “Defendant did not inform Plaintiff that Defendant was secretly wiretapping or recording her communications or aiding, abetting, and paying third parties to eavesdrop on her” (id., ¶ 22); “Defendant did not obtain Plaintiff’s express or implied consent to wiretap or allow third parties to eavesdrop on visitor conversations, nor did Plaintiff know at the time of the conversations that Defendant was secretly wiretapping her and allowing third parties to eavesdrop on her” (id., ¶ 23).

The allegations suggest that Plaintiff is one of the chat users and that Defendants recorded or eavesdropped on her conversations. Given the nature of the allegations, the recorded conversations presumably occurred on the chat feature. The complaint suggests no other place where the alleged wiretapping could occur. Because all reasonable inferences must be drawn in Plaintiff’s favor, the complaint sufficiently alleges that Plaintiff used the chat feature on Defendant’s website. Therefore, Plaintiff has adequately alleged her standing.

CIPA contains “an exemption from liability for a person who is a ‘party’ to the communication.” (Davis v. Facebook, Inc. (In re Facebook Inc. Internet Tracking Litig.) (9th Cir. 2020) 956 F.3d 589, 607.) Penal Code section 631 applies “only to eavesdropping by a third party and not to recording by a participant to a conversation.” (Ibid.) “California courts have been instructed to analyze whether the technology (or actor) behaves more akin to a tape recorder utilized by the party to the conversation or as an eavesdropper ‘press[ing] up against a door to listen to a conversation.’” (Licea v. Am. Eagle Outfitters, Inc. (C.D.Cal. 2023) 659 F.Supp.3d 1072, 1082.) In the software context, “[w]hen a party captures and stores data, courts have found that they operate like an extension of the defendant (i.e. a tape recorder).” (Id. at p. 1083.) Thus, the party exception applies where “[t]he alleged use of the data by the third party . . . does not appear to be independent,” and “[t]he pleadings . . . nowhere suggest that the third party has the ability to use the information independently.” (Ibid.)

Defendant argues that because there are no allegations that Intercom uses or is capable of using the gathered information for its own purposes, Intercom acts merely as an extension of Defendant, akin to a tape recorder. If Intercom falls under the party exception and is not liable for wiretapping, there would be nothing for Defendant to aid and abet.

However, this is a factual issue unsuited for demurrer. The complaint alleges that Intercom not only supplies the gathered information back to Defendant, but also uses the data for its own business purposes. (Compl. ¶ 14.) Intercom’s policy allegedly permits it to “share and sell personal information with third parties, such as Intercom Group Companies, service providers, consultants, advertising partners and professional advisors.” (Id., ¶ 16.)[1] The data collection allegedly “enables the creation of detailed profiles about individuals, allowing the delivery of targeted advertisements . . . across multiple platforms.” (Id., ¶ 18.) User data is allegedly “shared with a wide range of entities.” (Id., ¶ 21.)

This constitutes a use beyond simply providing the data back to Defendant. Specifically, Intercom allegedly sells the data to a variety of third parties so that those third parties can form targeted advertisements. Presumably, Intercom does this for its own profit, not for Defendant’s benefit. The fact that Intercom also provides the information back to Defendant does not negate Intercom’s own use of the data. Allegations that “the third party captured data and then used the data for its own benefit by reselling the aggregated data” are sufficient to overcome the party exception. (See Licea, supra, 659 F.Supp.3d at p. 1083.) The allegations are not conclusory; they specify that Intercom can sell data to particular third parties beyond Defendant—such as service providers, consultants, advertising partners and professional advisors—for the purpose of enabling those third parties to deliver targeted advertisements.

For pleading purposes, the allegations support a reasonable inference that Intercom did not merely act as an extension of Defendant or provide collected data back to Defendant, but also used the data for its own purposes. Plaintiff is not required to allege specific facts demonstrating that the claim is plausible, as that is a federal pleading standard inapplicable to this case. (See, e.g., Valenzuela v. Keurig Green Mountain, Inc. (N.D. Cal. 2023) 674 F.Supp.3d 751.) California employs a more liberal pleading standard which leaves such details for discovery. (See Ludgate Ins. Co. v. Lockheed Martin Corp. (2000) 82 Cal.App.4th 592, 608.) Therefore, the party exception does not bar the claim as a matter of law at the pleading stage.

The second prong of Penal Code section 631(a) disjunctively imposes liability for intercepting a communication being sent to or from any place in the state, regardless of whether the transmission involves a wire, line, or cable. (In re Google Assistant Privacy Litig. (N.D.Cal. 2020) 457 F.Supp.3d 797, 826.) Thus, an internet chat message falls under the statute. (See Garcia v. Yeti Coolers, LLC (C.D.Cal. Sep. 5, 2023, No. 2:23-cv-02643-RGK-RAO) 2023 U.S.Dist.LEXIS 158968, at *8-9 [“numerous courts within the Ninth Circuit have concluded that Clause Two is rightfully applied to internet communications”].)

Here, the complaint alleges that the “code enables Intercom to covertly intercept and monitor a website visitor's chat conversation in real-time, without their knowledge or consent.” (Compl. ¶ 11.) The complaint details the code that allows Intercom to conduct this interception. (Id., ¶¶ 12-13.) For pleading purposes, Plaintiff has sufficiently alleged the interception of a communication being sent from or received in California.

Defendant cites to federal cases applying a stricter pleading standard to argue that Plaintiff has not alleged sufficient detail demonstrating an interception. (See Valenzuela v. Keurig Green Mountain, Inc. (N.D. Cal. 2023) 674 F.Supp.3d 751; Valenzuela v. Super Bright LEDs Inc. (C.D. Cal., Nov. 27, 2023, No. EDCV2301148JAKSPX) 2023 WL 8424472.) Again, that is not the pleading standard applicable here. Under California law, Plaintiff has sufficiently raised an inference that Intercom intercepted a communication.

Defendant also argues that Plaintiff has admitted Intercom did not “intercept” any communications because Plaintiff alleges that “[t]he chats that users like Plaintiff believe are taking place on Defendant’s website are really taking place on Intercom” or “with Intercom.” (See Compl. ¶¶ 12, 14.) This is not an admission that Intercom did not intercept anything. The allegation must be read in context, with all reasonable inferences drawn in Plaintiff’s favor. This allegation could just as readily be interpreted as confirming that Intercom intercepted the messages.

Lastly, Defendant argues that Plaintiff has failed to allege a communication “in transit.” However, Penal Code section 631(a) is written in the disjunctive. It prohibits the unauthorized reading of a communication “while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state.” The alleged chat messages were “being sent from, or received at any place within this state” regardless of whether they were in transit or occurred over a wire, line, or cable. Defendant also cites no authority precluding internet messages from being “in transit.” For pleading purposes, it may be reasonably inferred that the online chat messages were in transit when Intercom intercepted them, as they were allegedly collected “in real-time.” (See Compl. ¶ 11.)

The third prong of Penal Code section 631(a) proscribes the use of any communication obtained through an act proscribed by the other prongs. As discussed above, Plaintiff has sufficiently alleged that Intercom intercepted a communication in violation of the second prong. Plaintiff has also alleged that Intercom used the information by selling it for profit. Therefore, Plaintiff has pled a violation of the third prong.

In sum, Plaintiff has sufficiently alleged that Intercom violated at least one prong of Penal Code section 631(a) and that Defendant aided and abetted this violation. Therefore, the invasion of privacy claim is adequately pled.

[1] Defendant attempts to contradict this allegation by introducing evidence of Intercom’s actual privacy policy. Such factual disputes cannot be considered on a demurrer. Plaintiff’s reference to the privacy policy does not entitle Defendant to introduce extrinsic evidence of it on a demurrer. The website link referenced by Defendant cannot, at this stage, be authenticated as an accurate copy of the privacy policy. It is reasonably subject to dispute and cannot be immediately verified by a source of indisputable accuracy. (See Evid. Code, § 452(h).) Defendant’s caselaw does not suggest otherwise.