Judge: Michael Small, Case: 24STCV14453, Date: 2024-10-28 Tentative Ruling
Case Number: 24STCV14453 Hearing Date: October 28, 2024 Dept: 57
Plaintiff
Jane Heiting (“Heiting”) sued Defendant IHOP Restaurants, LLC (“IHOP”) in a
complaint that asserts a single cause of action for violation of California
Penal Code Section 638.51, which is known as the “trap and trace” provision of the
California Invasion of Privacy Act (“CIPA”).
(Unless otherwise noted, all statutory citations herein are to the Penal
Code.) Heiting alleges that she visited
IHOP’s website, and that on the website, IHOP had installed a trap and tracing device
created by Tik Tok that gathered private information about the Plaintiff
without her consent in contravention of Section 638.51.
Pending
before the Court is the demurrer of IHOP.
Within the demurrer, IHOP has moved to strike Heiting’s prayer in her complaint
for an award of punitive damages against
IHOP. The Court is overruling
IHOP’s demurrer. And although IHOP
should have moved separately to strike the complaint’s prayer for punitive
damages instead of embedding that motion within the demurrer, the Court is
granting the motion with leave to amend.
DEMURRER
In pertinent
part, Section 638.51 provides as
follows:
“(a) Except as provided in subdivision (b), a person
may not install or use a pen register or a trap and trace device without first
obtaining a court order pursuant to Section 638.52 or 638.53.
(b) A provider of electronic or wire
communication service may use a pen register or a trap and trace device for any
of the following purposes:
(1) To operate, maintain, and test a wire or
electronic communication service…
(5) If the consent of the user of that service
has been obtained.
(Pen. Code, § 638.51, subds. (a), (b)(1), and (b)(5).) Section 638.51(a) is the provision that
imposes liability on a person that uses a trap and trace device. Section 638.51(b) sets forth exceptions to liability.
Section 638.50 defines the term “a trap and trace device” as “a device or
process that captures the incoming electronic or other impulses that identify
the originating number or other dialing, routing, addressing, or signaling
information reasonably likely to identify the source of a wire or electronic
communication, but not the contents of a communication.” (Pen. Code § 638.50.) The phrase “electronic communication” is
defined as “any transfer of signs, signals, writings,
images, sounds, data, or intelligence of any nature in whole or in part by a
wire, radio, electromagnetic, photoelectric, or photo-optical system.” (Id. §
629.51, subd. (a)(2).)
Heiting alleges that the Tik Tok software installed on IHOP’s website constitutes
a trap and trace device within the meaning of Section 638.50, and that IHOP
used software to trap and trace private information about Heiting without her
consent. In the Court’s view, Heiting’s
allegations are sufficient to state a cause of action for violation of CIPA.
The Tik Tok software that IHOP allegedly installed on its website falls
with the ambit of the definition of “trap and trace device” in Section 638.50. Specifically, as alleged in the complaint, the
Tik Tok software is a device that captures identifying information about the source
of electronic communications to IHOP’s website.
IHOP argues
in the demurrer that the definition of
a trap and trace device in Section 638.50 is limited to devices that are
capable of being physically attached to telephone lines. Therefore, says IHOP, the definition excludes
devices such as the Tik Tok software at issue here that are attached to websites
on the internet.
The Court disagrees with IHOP’s statutory construction. The definition of trap and trace devices in
Section 638.50 is very broad. It
encompasses more than just devices that capture an originating telephone number. It also sweeps up any “signaling information
reasonably likely to identify the source of a wire or electronic communication.”
And the definition of electronic communication
in Section 629.51(a)(2) is very broad too. Section
630 makes plain that CIPA contemplated “the development of new devices and techniques
for the purpose of eavesdropping upon private communications…” (Pen. Code, §
630.) The Tik Tok software that IHOP allegedly
installed on its website is such a new technique for capturing private
information about a consumer without his or her consent or a court order.
As a fallback, IHOP argues that even if the Tik Tok software is a trap
and trace device, IHOP is exempt from liability under Section 638.51(b)(5)
because it is a “provider of electronic or wire communication
service” -- its website being its service -- that uses device “[t]o operate,
maintain, and test a wire or electronic communication service.” This argument is unavailing. IHOP
has not shown that it needs to use the Tik Tok software to operate and maintain its website. That showing is necessary for the exception
in 638.51(b)(5) to apply.
Equally
unavailing is IHOP’s argument that, as the operator of the website on which the
Tik Tok software was installed, it has consented to the installation and thus Section
638.51(b)(1)’s exception to liability applies.
The consent exception does not apply to IHOP. It applies to Heiting, as the consumer whose
information allegedly was trap and traced by the Tik Tok software when she accessed
IHOP’s website. IHOP’s argument that its consent counts finds
no support in the statutory text.
Finally, IHOP
argues that there is no private right of action under CIPA. IHOP is mistaken here as well. Section 637.2 provides as follows”
“Any person who has been injured by a violation of
this chapter may bring an action against the person who committed the violation
for the greater of the following amounts:
(1) Five thousand dollars ($5,000) per violation.
(2) Three times the amount of actual damages, if
any, sustained by the plaintiff.”
(Pen. Code, § 637.2).
Section 638.51 is part of the
same “chapter” as Section 637.2. Therefore, violations of Section 638.51 may
be redressed through a private right of action.
MOTION TO STRIKE
Punitive damages may be awarded against a defendant if the plaintiff proves
“by clear and convincing evidence that the defendant has been guilty of
oppression, fraud, or malice . . . .” (Civ. Code, § 3294, subd. (a).) If malice, oppression, or fraud are
established, a violation of CIPA can form the basis of a punitive damages
award. (Clauson v. Superior Court
(1998) 67 Cal.App.4th 1253, 1256.) The
problem here is that Heiting’s complaint contains insufficient allegations that
IHOP acted maliciously, with oppression, or fraudulently when it is said to
have captured Heiting’s personal information through a trap and trace device
(the Tik Tok software ) when Heiting accessed IHOP’s website.
As indicated above, IHOP should have filed a separate motion to strike
instead of making its motion to strike within the demurrer. If the Court denied the motion to strike on
that ground, however, IHOP likely would refile the motion as a standalone
document, which the Court would grant for the reasons stated herein. In the interest of efficiency, the Court is
granting the motion to strike. Heiting
is directed to file and serve an amended complaint by November 1, 2024.