Judge: Joseph Lipner, Case: 24STCV19869, Date: 2025-01-28 Tentative Ruling

Case Number: 24STCV19869    Hearing Date: January 28, 2025    Dept: 72

 

SUPERIOR COURT OF CALIFORNIA

COUNTY OF LOS ANGELES

 

DEPARTMENT 72

 

TENTATIVE RULING

 

JERRY AVILES,

 

                                  Plaintiff,

 

         v.

 

 

LIVERAMP, INC.,

 

                                  Defendant.

 

 Case No:  24STCV19869

 

 

 

 

 

 Hearing Date:  January 28, 2025

 Calendar Number:  9

 

 

 

Defendant LiveRamp, Inc. (“Defendant”) demurs to the First Amended Complaint (“FAC”) filed by Plaintiff Jerry Aviles (“Plaintiff”).

 

The Court SUSTAINS the demurrer WITH LEAVE TO AMEND.  Defendant shall have 20 days to amend the First Amended Complaint.

 

Background

 

This case is brought under the California Invasion of Privacy Act (“CIPA”). The following facts are taken from the allegations of the FAC, which the Court accepts as true for the purposes of the demurrer.

 

Defendant owns and operates a website located at https://liveramp.com/ (the “Website”).

 

Plaintiff alleges that the Website’s code installs a ‘PR/TT beacon’ (the “Beacon”) on the browsers of users who visit the Website. (FAC ¶¶ 54-55.) Plaintiff alleges that Defendant uses the Beacon to collect the IP addresses of visitors. (FAC ¶ 56.) Plaintiff alleges that the operators of the Beacon then use the IP addresses of the Website visitors to send targeted advertisements to users or conduct analytics for the Website, in part through two third-party services. (FAC ¶¶ 57, 61.)

 

Plaintiff alleges that he visited Defendant’s Website in 2024 and that the Website installed the Beacon on Plaintiff’s browser. (FAC ¶¶ 77-78.) Plaintiff alleges that the Beacon collects additional information about the user’s device and software as well, including their operating system name and version number, browser name and version number, geolocation data, and email address. (FAC ¶ 79.)

 

Plaintiff filed this action on August 7, 2024. The operative complaint is now the FAC, which raises one claim for violation of CIPA.

 

On December 2, 2024, Defendant demurred to the FAC. Plaintiff filed an opposition and Defendant filed a reply.

 

Requests for Judicial Notice

 

The Court grants the parties’ requests for judicial notice and takes notice of the submitted public records. However, the Court notes that the complaints filed by Plaintiff in other cases which Defendant submits do not have clear relevance to the resolution of this case.

 

Legal Standard

 

As a general matter, in a demurrer, the defects must be apparent on the face of the pleading or via proper judicial notice. (Donabedian v. Mercury Ins. Co. (2004) 116 Cal.App.4th 968, 994.) “A demurrer tests the pleading alone, and not the evidence or facts alleged.” (E-Fab, Inc. v. Accountants, Inc. Servs. (2007) 153 Cal.App.4th 1308, 1315.) The court assumes the truth of the complaint’s properly pleaded or implied factual allegations. (Ibid.) The only issue a demurrer is concerned with is whether the complaint, as it stands, states a cause of action. (Hahn v. Mirda (2007) 147 Cal.App.4th 740, 747.)

 

Where a demurrer is sustained, leave to amend must be allowed where there is a reasonable possibility of successful amendment. (Goodman v. Kennedy (1976) 18 Cal.3d 335, 348.) The burden is on the plaintiff to show the court that a pleading can be amended successfully. (Ibid.; Lewis v. YouTube, LLC (2015) 244 Cal.App.4th 118, 226.) However, “[i]f there is any reasonable possibility that the plaintiff can state a good cause of action, it is error to sustain a demurrer without leave to amend.” (Youngman v. Nevada Irrigation Dist. (1969) 70 Cal.2d 240, 245).

 

Discussion

 

A person who has been injured by a violation of CIPA may bring an action against the violator for the greater of $5,000.00 or three times the amount of actual damages, if any, sustained by the plaintiff. (Pen. Code, § 637.2, subd. (a).) “It is not a necessary prerequisite to an action pursuant to this section that the plaintiff has suffered, or be threatened with, actual damages.” (Pen. Code, § 637.2, subd. (c).)

 

“Except as provided in subdivision (b), a person may not install or use a pen register or a trap and trace device without first obtaining a court order pursuant to Section 638.52 or 638.53.” (Pen. Code, § 638.51, subd. (a).) Subdivision (b) permits the use of such a device if, inter alia, the consent of the user has been obtained. (Pen. Code, § 638.51, subd. (b).)

 

“ ‘Pen register’ means a device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, but not the contents of a communication. ‘Pen register’ does not include a device or process used by a provider or customer of a wire or electronic communication service for billing, or recording as an incident to billing, for communications services provided by such provider, or a device or process used by a provider or customer of a wire communication service for cost accounting or other similar purposes in the ordinary course of its business.” (Pen. Code, § 638.50, subd. (b).)

 

“ ‘Trap and trace device’ means a device or process that captures the incoming electronic or other impulses that identify the originating number or other dialing, routing, addressing, or signaling information reasonably likely to identify the source of a wire or electronic communication, but not the contents of a communication.” (Pen. Code, § 638.50, subd. (c).)

 

            Plaintiff alleges that Defendant’s Website uses either a pen register or a trap and trace device.             Plaintiff’s FAC, as well as the opposition (Opposition at pp. 14:10-15:7), indicate that the key data collection alleged is that the Website, as well as the third-party software installed on it, collect identifying information about visitors’ devices, from visitors’ devices.

 

Historically, courts recognized that “[a] pen register is a mechanical device which records the numbers dialed from a telephone[.]” (People v. Blair (1979) 25 Cal.3d 640, 654.) While the statutory definition of a pen register now includes electronic communications in mediums other than simply telephone communications, Plaintiff has not provided authority showing that the category of information collected by pen registers as defined by the statute has been expanded. The analog of the number dialed by a telephone here is the IP address and related information of a website accessed by a computer – but not the computer’s own IP address or identifying information. Although Plaintiff alleges conclusorily that the Beacon is a PR/TT device, Plaintiff does not allege that the Beacon – or any other software installed on users’ devices by the Website – collects the outgoing addressing information from visitors’ devices or browsers. Plaintiff therefore has not alleged the use of a pen register.

 

Nor has Plaintiff alleged the use of a trap and trace device. Plaintiff at most alleges that Defendant’s Website collects the IP addresses and other information of visitors incoming to the website – the equivalent of if Defendant had used a trap and trace device on its own website, rather than on Plaintiff’s device.

 

The problem with this argument is that it is normal for websites to track the IP addresses of their visitors. “Analogously, e-mail and Internet users have no expectation of privacy in the to/from addresses of their messages or the IP addresses of the websites they visit because they should know that this information is provided to and used by Internet service providers for the specific purpose of directing the routing of information. Like telephone numbers, which provide instructions to the ‘switching equipment that processed those numbers,’ e-mail to/from addresses and IP addresses are not merely passively conveyed through third party equipment, but rather are voluntarily turned over in order to direct the third party's servers.” (U.S. v. Forrester (9th Cir. 2008) 512 F.3d 500, 510.) As Defendant points out, and as the Court takes judicial notice, the Los Angeles Superior Court’s own website contains a notice that it may collect and record the IP addresses of visitors. Without alleging that Defendant installed software on Plaintiff’s device or browser that collected incoming contact information to Plaintiff’s device, Plaintiff has not alleged anything above and beyond how the internet normally works.

 

            Plaintiff argues at length in his opposition that software is not excluded from being a pen register or trap and trace device by nature of its not being a form of telephonic surveillance. But Defendant does not argue that software cannot be a pen register or trap and trace device.

 

            Plaintiff additionally alleges downstream uses of the data that is collected – but downstream use of data is not a part of the definitions of pen registers or trap and trace devices. It is the method of data collection itself that is at issue.

 

            Because Plaintiff has not alleged that Defendant used a pen register or trap and trace device, the Court sustains the demurrer with leave to amend.