Judge: Michael Shultz, Case: 24STCV03155, Date: 2025-01-27 Tentative Ruling
DEPARTMENT 40 - MICHAEL J. SHULTZ - LAW AND MOTION RULINGS
The Court issues tentative rulings on certain motions.The tentative ruling will not become the final ruling until the hearing [see CRC 3.1308(a)(2)]. If the parties wish to submit on the tentative ruling and avoid a court appearance, all counsel must agree and choose which counsel will give notice. That counsel must 1) email Dept 40 by 8:30 a.m. on the day of the hearing (smcdept40@lacourt.org) with a copy to the other party(ies) and state that all parties will submit on the tentative ruling, and 2) serve notice of the ruling on all parties. If any party declines to submit on the tentative ruling, then no email is necessary and all parties should appear at the hearing in person or by Court Call.
Case Number: 24STCV03155 Hearing Date: January 27, 2025 Dept: 40
24STCV03155
Marielita Palacios v. Medlock Ames Vintners, LLC
Monday,
January 27, 2025
[TENTATIVE] ORDER OVERRULING DEMURRER TO
PLAINTIFF’S FIRST AMENDED COMPLAINT FOR VIOLATION OF CALIFORNIA INVASION OF
PRIVACY ACT
I.
BACKGROUND
The first
amended complaint (“FAC”) alleges that when Plaintiff visited Defendant’s website,
Defendant deployed spyware that was
installed on Plaintiff’s browser that collected Plaintiff’s personal
information without Plaintiff’s consent in violation of the California Invasion
of Privacy Act (“CIPA”), codified at Penal
Code, section 638.51 subd. (a).)
II. ARGUMENTS
Defendant demurs to the FAC for failure to
state a claim on grounds Plaintiff has not alleged injury-in-fact. The alleged
injury is abstract and hypothetical because it is based on statutory damages
under the CIPA, versus a concrete harm suffered by Plaintiff. The claim is
vague as it does not allege basic, specific facts to support the conclusion
that Defendant’s website employed a “pen register” and “trap and trace” device
as alleged. Defendant requests judicial notice of 55 other actions that
Plaintiff has filed for the same or similar alleged violations.
Plaintiff objects to Defendant’s request
for judicial notice, which the court should not consider because it is
extrinsic to the pleading and is irrelevant and improper character evidence.
Plaintiff requests judicial notice of minute orders issued in three other
superior court actions wherein demurrer was overruled. Plaintiff also requests
judicial notice of Senate and Assembly Committee Analyses relating to CIPA.
Substantively, Plaintiff argues she alleges
sufficient facts to support the allegation that the software deployed by
Defendant is either a “pen register” or a “trap and trace device” which is
supported by the legislative history. Plaintiff has adequately alleged facts to
support injury-in-fact.
In reply, Defendant argues that Plaintiff
has not identified the privacy right that Defendant allegedly violated or how
Defendant caused her harm or any concrete harm. Plaintiff does not allege how
her information was intercepted which is unlawful under section 638.51.
Leave to amend should not be granted.
III. LEGAL
STANDARDS
A
demurrer tests the sufficiency of a complaint as a matter of law and raises
only questions of law. (Schmidt
v. Foundation Health (1995) 35
Cal.App.4th 1702, 1706.) In testing the complaint’s sufficiency, the court must
assume the truth of the properly pleaded factual allegations as well as facts
that can be reasonably inferred from those expressly pleaded facts. The court
may also consider matters properly subject to judicial notice. (Blank
v. Kirwan (1985) 39 Cal.3d
311, 318.)
The
court may not consider contentions, deductions, or conclusions of fact or law.
(Moore
v. Conliffe (1994) 7 Cal.4th
634, 638.) Plaintiff is required to allege facts sufficient to establish every
element of each cause of action. (Rakestraw
v. California Physicians Service (2000) 81 Cal.App.4th 39, 43.) Where the complaint fails to state facts
sufficient to constitute a cause of action, courts should sustain the demurrer.
(Code Civ. Proc., § 430.10(e); Zelig
v. County of Los Angeles
(2002) 27 Cal.4th 1112, 1126.)
Sufficient
facts are the essential facts of the case stated, "with reasonable
precision and with particularity that is sufficiently specific to acquaint the
defendant with the nature, source, and extent of his cause of action.” (Gressley
v. Williams (1961) 193
Cal.App.2d 636, 643-644.) Whether the
Plaintiff will be able to prove the pleaded facts is irrelevant. (Stevens
v. Superior Court (1986) 180
Cal.App.3d 605, 609–610.)
IV.
DISCUSSION
A.
Request
for Judicial Notice
Defendant’s
request for judicial notice is denied as other lawsuits commenced by Plaintiff
are irrelevant.
Plaintiff’s
request for judicial notice of other superior court rulings is denied. The case
on which Plaintiff relies states that other trial court decisions are not
binding, and while the superior court could follow another trial court ruling, "it
would not have to. It would be free to reach the opposite conclusion—either by
examining the merits for itself … ." (Harrott
v. County of Kings (2001) 25 Cal.4th 1138, 1148.) Rulings issued by
other superior courts are irrelevant.
The
court grants Plaintiff’s request for judicial notice of bill analysis by the
Senate Committee on Public Safety and the Assembly Committee on Public Safety.
(Evid. Code, § 452 (c).)
B.
Analysis
Plaintiff
alleges a claim in violation of Penal Code section 648.51 subd. (a) which
states:
"(a)
Except as provided in subdivision (b), a person may not install or use a pen
register or a trap and trace device without first obtaining a court order pursuant
to Section 638.52 or 638.53.” (Pen. Code, § 638.51.)
The statute defines the foregoing technology
(“PR/TT beacon”):
"(b)
“Pen register” means a device or process that records
or decodes dialing, routing, addressing, or signaling information transmitted
by an instrument or facility from which a wire or electronic communication is
transmitted, but not the contents of a communication. ‘Pen register’ does
not include a device or process used by a provider or customer of a wire or
electronic communication service for billing, or recording as an incident to
billing, for communications services provided by such provider, or a device or
process used by a provider or customer of a wire communication service for cost
accounting or other similar purposes in the ordinary course of its business.
(c)
‘Trap and trace device’ means a device or process that
captures the incoming electronic or other impulses that identify the
originating number or other dialing, routing, addressing, or signaling
information reasonably likely to identify the source of a wire or electronic
communication, but not the contents of a communication." (Pen. Code, § 638.50.)
Plaintiff alleges that when a user visits
Defendant’s website, Defendant’s response to the request includes the
installation of a PR/TT beacon on the user’s browser which sends the user’s IP
address to the developer, here Defendant. (FAC, ¶ 38.) Defendant installed the
PR/TT beacon on Plaintiff’s and others’ device without consent. (FAC, ¶ 50.) The IP address allows Defendant to provide
services to itself and other clients, including targeted advertisements and web
site analytics to “digitally fingerprint” each user. (FAC, ¶ 52.) Plaintiff
alleges visitor data is harvested immediately upon webpage loading, preceding
any opportunity for visitors to consent or decline the website’s privacy
policy. (FAC, ¶ 56.)
Plaintiff alleges she visited Defendant’s
website in January 2024. (FAC, ¶ 67.) Defendant’s PR/TT beacon collected
Plaintiff’s unique IP address as well as the user’s operating system name and
version number, geolocation data, email address, mobile ad IDs, and embedded
social media identities, among other personal information (FAC, ¶ 68).
Plaintiff did not provide prior consent for Defendant to install or use the
PR/TT beacon on Plaintiff’s browser. (FAC, ¶ 70.) Defendant did not obtain a
court order before installing or using the PR/TT beacon, and therefore, Defendant
invaded Plaintiff’s privacy in violation of section 638.51(a) of the California
Penal Code (FAC, ¶ 72.)
Defendant contends the PR/TT beacon
collects only her IP address. (Dem. 6:27-28.) This is undermined by the
specific other information allegedly obtained which was unique to Plaintiff.
(FAC, ¶ 68.)
Defendant argues Plaintiff’s alleged
injury is “abstract or hypothetical because it is solely premised on statutory
damages under the CIPA.” (Dem. 7:2-3.) This is contrary to the specific allegations
of the complaint identifying the information taken without Plaintiff’s consent
sufficient to support injury-in-fact. (FAC, ¶ 67-68.)
Defendant argues (without citing any
authority) that without Plaintiff specifically identifying Defendant’s specific
software at issue, Plaintiff’s interactions with the website, or any actual
information that was purportedly recorded, decoded, or captured, the pleading
is vague and is premised on assumptions not facts. (Dem 7:9-12.) The specifics
of Plaintiff’s visit, however, what was installed and collected in order to
“digitally fingerprint” Plaintiff is alleged in the section captioned
“Plaintiff’s Experience.” (FAC, ¶ 67-69.)
Insofar as Defendant requires Plaintiff to
allege how she became aware of the privacy violation identification or the
specific software at issue, these are evidentiary facts. General rules of
pleading do not require that the plaintiff plead evidentiary facts supporting
the allegation of ultimate fact. (Careau
& Co. v. Security Pacific Business Credit, Inc. (1990) 222
Cal.App.3d 1371, 1390 [“It is both improper and insufficient for a
plaintiff to simply plead the evidence by which he hopes to prove such ultimate
facts."].)
Defendant contends there is a
“requirement” that Plaintiff allege sufficient facts in order to “deter copycat
litigation.” (Dem., ¶ 8:1-3.) There is
no citation for this purported authority. The FAC does not make any allegation
about “copycat litigation.”
Finally, the FAC’s reference to Greenley
v. Kochava, Inc. (S.D. Cal.
2023) 684 F.Supp.3d 1024,
was made to underscore the court’s observation that the term “pen register” was
defined with “expansive language.” (Greenley
at 1050; ["Surely among them is software that
identifies consumers, gathers data, and correlates that data through unique ‘fingerprinting.’
Thus, the Court rejects the contention that a private company's surreptitiously
embedded software installed in a telephone cannot constitute a “pen register.”].)
Finally, Defendant’s contention in reply
that the statute at issue applies to “interception” of information, which
Plaintiff has not alleged. (Reply 2:7-10.) Defendant is mistaken. Section 682.50 applies to information that “records
or decode” routing information or “a device or process that captures the
incoming electronic or other impulses that identify the originating number or
other dialing, routing, addressing, or signaling information reasonably likely
to identify the source of a wire or electronic communication.” (Pen. Code §
638.50.)
V.
CONCLUSION
Based on the foregoing, Defendant’s
demurrer to the first amended complaint is OVERRULED. Defendant is ordered to
file an answer within 30 days.