Summary

California Penal Code Section 632 has provided a springboard to litigation related to the recording of telephone calls in the State of California.  Last week, in Hatisihi v. First American, Case No. B244769 (Cal. Ct. App. 2d Dist.), the California Court of Appeal affirmed the recent trend of class certification denials in cases brought under Section 632, based upon the individualized inquires into a determination of whether the communication recorded was “confidential.”

Background Facts

First American issues one-year home warranty plans for major home systems and appliances to customers in 46 states, including California.  Customers may make warranty claims by calling an “800” number (“inbound” calls).  In addition, First American makes calls to existing customers as part of marketing and warranty renewal campaigns (“outbound” calls).  All calls between First American — whether inbound or outbound  — are recorded.  Inbound calls include an automated disclosure that the call may be monitored or recorded.  Outbound calls, however, do not include any such automated disclosure, and, prior to 2009, First American did not have a policy of requiring sales representatives to advise customers that the call may be monitored or recorded.  Id. at *2-4.

Plaintiff purchased a one-year First American Warranty in 2005 and renewed it annually for the next three years until it expired in May 2009.  Between 2005 and May 2008, Plaintiff admitted to making approximately 12 inbound calls to First American during which she received the automated disclosure that her call may be monitored or recorded.  Plaintiff also admitted that she participated in “dozens” of telephone calls with other companies where she understood her call would be recorded or monitored for quality assurance.  Plaintiff did not object to any of the inbound calls with First American or the other companies being recorded.  Id.

In May 2008 and May 2009, Plaintiff received outbound calls from First American’s sales group.  Both calls were recorded and Plaintiff was not given the disclosure that the calls would be recorded or monitored.  Id.

The Lower Court’s Opinion

Thereafter, Plaintiff filed a class action complaint entitled Hataishi v. First American (Los Angeles County Super. Ct. Case No. B244769) against First American for statutory invasion of privacy under California Penal Code Section 632, which prohibits the intentional recording of a “confidential communication” without the consent of all parties to the communication.  Plaintiff filed a class certification motion seeking to certify a class of California consumers who received telephone calls from First American between 2006 and 2009.  Plaintiff asserted that there were common issues of law and fact because: (1) First American was the only defendant; (2) First American’s policy was to record all outbound calls; (3) the outbound calls were not proceeded by an automated warning that the call would be recorded; and (4) prior to 2009, First American did not have a policy requiring its sales persons to give a verbal warning that the call would be recorded.  The trial court denied the motion finding, among other things, that individual issues predominated.  The trial court also rejected Plaintiff’s contention that the objective reasonableness of each plaintiff’s expectations could be assessed by First American’s uniform call recording procedures.  Id. at *6.

The Court of Appeal Affirms Denial of Class Certification

On February 21, 2014, the California Court of Appeal Second Appellate District, addressing only the community of interest issue, affirmed.  The Court of Appeal explained that a communication is “confidential” for purposes of Section 632 if the party has an objectively reasonable expectation that the conversation is not being overheard or recorded.  Accordingly, in order to establish that an outbound First American call was subject to Section 632, Plaintiff would need to prove the objective reasonableness of her expectation that the call would not be recorded and the objective reasonableness of each putative class members’ expectations of the same.  This required individualized proof of (1) the length of the customer relationship, (2) the plaintiffs’ prior experiences with calls to or from the defendant including the number of calls and whether or not those calls included a recording/monitoring disclaimer, and (3) the plaintiffs’ prior experiences with other companies wherein they were provided the recording/monitoring disclaimer.  Such individualized inquiry precluded the certification of Plaintiff’s class claims especially considering her admissions regarding inbound calls to First American and calls from other businesses wherein the recording/monitoring disclaimer was provided.    Id. at *14-15.

Significance

In recent years, plaintiffs’ lawyers have used, and, arguably, abused, section 632 (and similar state and federal statutes), bringing harrowing class cases against corporations, then demanding large settlements for quick resolution.  The First American decision should hopefully limit the number of Section 632 class action claims filed in the future, and provides strong support for the denial of pending cases seeking class certification.  First American also provides a strong framework for mounting early dispositive challenges to cases brought under Section 632, and similar call recording statutes.

“Injury-in-fact is not Mount Everest,” Supreme Court Justice Samuel Alito once opined. The threshold to establish constitutional standing — which requires that plaintiffs establish an “injury-in-fact” — is low; so low that in most types of lawsuits, plaintiffs have no trouble scaling the requirement.  While standing may not be Mount Everest, in consumer privacy lawsuits, particularly those involving internet privacy, it can be more than a molehill.  Indeed, in some cases, plaintiffs alleging harm based on alleged privacy violations have found standing to be an insurmountable defense.  In particular, plaintiffs bringing claims based on the online collection, sharing, or dissemination of their personal information without more have been unable to show any “actual or imminent” harm (rather than purely speculative or possible future injury) from the allegedly unlawful conduct.  See e.g., In Re Iphone Application Litig., No. 11-MD-2250, 2011 U.S. Dist. LEXIS 106865 (N.D. Cal. Sept. 20, 2011) (granting defendant’s motion to dismiss for lack of Article III standing).

Are privacy violations sufficient to constitute an injury-in-fact under the Fair Credit Reporting Act (“FCRA”)?  This is one of the nuanced issues that the Ninth Circuit is pondering in connection with the appeal in Robins v. Spokeo, Inc., No. 11-56843 (9th Cir. 2012)Although Judges Diarmund O’Scannlain, Susan P. Graber or Carlos T. Bea likely should base their ruling on narrow, well-settled standing principles, it is possible that they may stretch the concept of standing under the FCRA to include harm resulting from violations of privacy interests.

Proceedings At The District Court Level

Spokeo is a website that describes itself as an aggregator of information.  Unlike traditional search engines like Yahoo!, Google, or Bing, Spokeo’s search engine focuses on finding people.

Spokeo issues prominent disclaimers to users that it is not a consumer reporting agency.  See Spokeo, No. 11-56843, ECF No. 26 (Brief of Appellee Spokeo, Inc.), at 4-6.  It also requires users to agree that information they obtain from Spokeo cannot “be considered for purposes of determining a consumer’s eligibility for credit, insurance, employment, or for any other purpose authorized by the FCRA.”  See id.  Nevertheless, Plaintiff claims Spokeo is a consumer reporting agency as defined under the FCRA.  In fact, he contends that Spokeo not only “assembles” data from a variety of sources, it also creates data not available from other sources, including information that allegedly bears on individuals’ economic wealth and purported creditworthiness.  See Spokeo, No. 11-56843, ECF No. 8 (Appellant’s Opening Brief), at 8.

Plaintiff filed a complaint against Spokeo for violation of the FCRA, arguing that the “reports generated by Spokeo.com contain inaccurate consumer information that is marketed to entities performing background checks.”  According to Plaintiff, Spokeo’s search results stated that Plaintiff had more education and professional experience that he actually has, stated he was married when in fact he is not, and inflated his financial position.  Though the inaccuracies favored Plaintiff, he allegedly was concerned that Spokeo’s search results would affect his ability to obtain credit, employment, or insurance.

Spokeo moved to dismiss the complaint for lack of standing.  After flip-flopping on the standing issue, the district court ultimately agreed with Spokeo.  Initially, Plaintiff argued that a statutory violation (i.e., FCRA violation) is sufficient to constitute an injury-in-fact.  But because the district court was unconvinced (it granted Spokeo’s first motion to dismiss), Plaintiff added allegations to his amended complaint that Spokeo’s dissemination of inaccurate information about him caused him actual harm in the form of diminished employment prospects, as well as anxiety, stress, and concern.  The district court initially accepted these allegations as sufficient and denied Spokeo’s second motion to dismiss but when Spokeo sought interlocutory appeal the district court dismissed the Plaintiff’s amended complaint.

Issues On Appeal

In this post, we focus on the standing issues raised in the Spokeo case.  However, we note that Plaintiff in this case is pushing the envelope on other arguments as well: he is alleging that Spokeo, an internet search engine, is a consumer reporting agency, and he is arguing that Spokeo is not entitled to a defense that it is an “aggregator” merely passing through publicly available information and, thus, immune from FCRA liability.

On appeal, the Plaintiff urges the Ninth Circuit to find standing and revive his complaint. According to Plaintiff, Article III’s requirements are met when a plaintiff alleges a statutory violation where the statute creates legal rights.  Borrowing from arguments plaintiffs have made (with limited success) in internet privacy cases, he argues, the injury-in-fact is the statutory violation itself and not the harmful consequences that may ultimately result.  Plaintiff claims that the FCRA is a “privacy statute designed to protect consumers from unlawful or inaccurate dissemination of their confidential consumer credit information.” Even if the FCRA required actual harm, according to Plaintiff, the harm at issue here is the “invasion of consumer’s right of privacy” arising from Spokeo’s dissemination of inaccurate information that arguably bears on creditworthiness even absent any allegations of a specific economic injury.  Thus, Plaintiff claims he adequately alleged an injury because Spokeo violated Plaintiff’s FCRA rights to be free from inaccurate dissemination of consumer information.

Spokeo counters that the concept of standing is a “screen” that is meant to limit the individuals who can enforce statutory and regulatory requirements.  It contends that although the FCRA creates a cause of action for statutory damages, only those individuals who can establish a concrete injury (actual harm) have standing to pursue a cause of action.  Spokeo points out that Plaintiff failed to allege any consequence resulting from Spokeo’s allegedly harmful conduct; and although he is concerned that incorrect information appears in a Spokeo search might affect his job prospects, he alleges no facts to substantiate his concern.

Implications

Defendants can be on the hook for millions of dollars in consumer class actions filed in the wake of data breaches or other privacy violations.  Given the stakes, standing arguments have been a primary defense in internet privacy class actions.  However, in some privacy cases, courts have held that plaintiffs have standing by virtue of asserting claims under certain statutes, such as those that provide civil relief to persons whose electronic communications are intercepted or accessed without their authorization.  In Spokeo, the Plaintiff is attempting to advance a similar argument to assert standing under the FCRA.  It remains to be seen whether the Ninth Circuit will accept this argument and in so doing lower the standing bar so much so that it is no more than a speed bump for FCRA plaintiffs.

Apparently, Chief Justice Roberts has added to the United States Supreme Court’s wish list: a case that would allow the Court to address the “fundamental concerns” surrounding the use of cy pres remedies in class action settlements.

What is Cy Pres?

A cy pres remedy provides indirect benefits to class members (usually through defendant donations to a third party) in lieu of a direct monetary payment.  This remedy is normally utilized to distribute settlement funds that are unclaimed or incapable of individual distribution because the proof of individual claims would be burdensome or individual distribution of funds would be too costly.

The Lower Court Opinions

The Supreme Court’s public statement of its desire to review the propriety and limits of cy pres settlement agreements arises from the Ninth Circuit’s approval of a settlement in a putative class action relating to Facebook’s “Beacon” program.  Marek v. Lane, No. 13-136 (Nov. 4, 2013).  Beacon was a short-lived program instituted by Facebook in November 2007, that allowed Facebook to publish its members’ activities on participating companies’ websites (such as renting movies from Blockbuster.com or booking flights on Hotwire.com) to the member’s profile and the member’s friends network.  Initially, Beacon was an “opt out” program but, after public opposition, was changed to an “opt in” program where a member’s activity would not be broadcast unless the member expressly agreed to its dissemination.  We previously sent notification to our clients, http://www.seyfarth.com/publications/OMM092512b,  of the Ninth Circuit’s opinion affirming the district court’s approval of a $9.5 million settlement between Facebook and putative class members who alleged violations of state and federal privacy laws.  Lane v. Facebook, Inc., 696 F.3d 911 (2012).  Approximately $3 million of the settlement amount was allocated for plaintiffs’ attorneys’ fees and incentive payments for the named plaintiffs.  The remaining $6.5 million was earmarked for distribution to a newly formed charitable foundation whose purpose is to fund other organizations dedicated to educating the public about online privacy.  Class members who objected to approval of the settlement filed a petition for writ of certiorari to the United States Supreme Court.

Justice Roberts’ Warning Shot

Ultimately, the Court denied the petition because appellants’ challenge was focused on the particular terms of the specific cy pres settlement agreement at issue.  Chief Justice Roberts stated that review of this case may not afford the Court an opportunity to address more fundamental concerns surrounding the use of cy pres remedies in class action litigation, stating:

Marek’s challenge is focused on the particular features of the specific cy pres settlement at issue.  Granting review of this case might not have afforded the Court an opportunity to address more fundamental concerns surrounding the use of such remedies in class action litigation, including when, if ever, such relief should be considered; how to assess its fairness as a general matter; whether new entities may be established as part of such relief; if not, how existing entities should be selected; what the respective roles of the judge and parties are in shaping a cy pres remedy; how closely the goals of any enlisted organization must correspond to the interests of the class; and so on.  This Court has not previously addressed any of these issues.  Cy Pres remedies, however, are a growing feature of class action settlements.  In a suitable case, this Court may need to clarify the limits on the use of such remedies.

What This Means

Chief Justice Roberts’ statement reflects the increasing scrutiny courts have of the use of cy pres awards in class settlements, and loudly signals that continued scrutiny of these awards will intensify.  It thus becomes paramount for counsel, during settlement negotiations for class resolution, to give careful consideration to Justice Roberts’ warning shot in Marek.

It is often assumed that the statutory penalty in civil actions under California’s Invasion of Privacy Act, Penal Code section 630 et seq. (“CIPA” or “Act”), is $5,000 for each instance of misconduct that violates the Act.  (Some California courts have indeed indicated as much, though in dicta and without analysis.)  Adopting such a view, class action plaintiffs usually contend that CIPA violations should be punished at a rate of $5,000 per violation per class member, which could expose class action defendants to monstrous and potentially annihilating penalties.  But, this view is not supported by the plain text or legislative history of the Act.

The Text Of Civil Code Section 637.2

Nowhere in Penal Code section 637.2, the provision of CIPA allowing civil actions, does it say that statutory penalties are $5,000 per violation.  Rather, the text of the section convincingly suggests, if not conclusively requires, that statutory penalties be capped at $5,000 per lawsuit.  The text indicates that a plaintiff is only entitled to recover more if she suffered actual damages and those damages exceed $5,000 either alone or under the portion of 637.2 allowing treble damages.

Section 637.2 states in full:

“(a) Any person who has been injured by a violation of this chapter may bring an action against the person who committed the violation for the greater of the following amounts:  (1) Five thousand dollars ($5,000).  (2) Three times the amount of actual damages, if any, sustained by the plaintiff.

(b) Any person may, in accordance with Chapter 3 (commencing with Section 525) of Title 7 of Part 2 of the Code of Civil Procedure, bring an action to enjoin and restrain any violation of this chapter, and may in the same action seek damages as provided by subdivision (a).

(c) It is not a necessary prerequisite to an action pursuant to this section that the plaintiff has suffered, or be threatened with, actual damages.”

Whether section 637.2 imposes penalties per violation or per action has not been litigated often, although defendants have advanced the argument that the penalty should be per action.  Defendants have noted, for example, that section 637.2’s reference to $5,000 modifies the term “action” not “violation.”  Defendants have also argued that the California Legislature has drafted dozens of penalty provisions whereby the penalty is explicitly written to be per violation, but that Penal Code section 637.2 simply does not include such terminology.

The Legislative History Of Civil Code Section 637.2

That statutory civil penalties under CIPA are capped at $5,000 per action is the most direct construction of the language of section 637.2 and thus the one that should be favored.  See, e.g., California Fed. Savings & Loan Assn. v. City of Los Angeles, 11 Cal.4th 342, 349 (1995).  Such a statutory interpretation also happens to be supported by the Act’s legislative history.

At the outset, nothing in the legislative history appears to support an intent that penalties would be on a per violation basis.  Rather, the phrasing found in the pieces of the history, like the language of the statute, shows the intent to award the statutory penalty on a per action basis.  See, e.g., Digest of Assembly Bill 860, by Assembly Speaker Jesse M. Unruh (May 2, 1967), p. 6 (“In that action he could recover a minimum of $3,000 or an amount equal to three times the actual damage he suffered by the invasion of his privacy”); Assembly Committee on Criminal Procedure, Judiciary Com., Assem. Bill No. 860 (April 25, 1967), p. 5 (section 637.2 “provides for a civil action by any person injured by a violation of this chapter for $3,000 or treble damages, whichever is greater”).

The Legislature intended the real deterrent to be the threat of triple damages; the penalty was merely a floor that only actual damages, trebled or otherwise, could exceed.  See, e.g., Digest of Assembly Bill 860, by Assembly Speaker Jesse M. Unruh (as amended June 5, 1967), p. 6 (“The availability of a civil action for the recovery of triple damages should prove to be an effective deterrent in cases where wire­tapping or eavesdropping is connected with industrial espionage.  In such cases the possible economic rewards might be so great that they would outweigh the threat of criminal penalties.  But a large civil damage award, such as could be obtained in a triple damage suit, might in fact discourage the activity”).

It was further contemplated that repeat violations would be civilly remedied by means of injunctive relief, not though accruing penalties.  Id. (“In the same suit, or in a separate action, he could also seek to enjoin the continuation of the eavesdropping”).  This is significant in that the Legislature was obviously aware of and acknowledged the possibility of multiple violations by a defendant, but did not enact language stating that the penalty is to be awarded for each violation.

An interpretation that the penalty is only authorized once per action is all the more reasonable when one considers that the original $3,000 penalty in 1967, when the statue was enacted, would be worth approximately $20,000 in today’s dollars.  By the time section 637.2 was enacted, the Legislature had already passed several statutes where it overtly stated penalties were on a per violation or offense basis.  See, e.g., Civ. Code § 52; Bus. & Prof. Code § 556; Bus. & Prof. Code § 17536.  It even enacted statutes in 1967 that had language imposing penalties on a per violation basis, including penalties of as little as $100.  See, e.g. Food & Agric. Code § 10786; Civ. Code § 1716; Health & Safety Code § 18700.  With this backdrop, it is implausible that the Legislature intended to impose in section 637.2 the equivalent of $20,000 in penalties for each offense without following its contemporaneous and prior draftsmanship and explicitly stating the penalty would be on a per violation basis.

Class Defendants Should Consider Arguing That Statutory Penalties Are Capped At $5,000 Per Action

Class action defendants have strong arguments against a construction of section 637.2 that imposes the $5,000 penalty on a per violation bases.  One obstacle is those cases that have made statements in dicta that the penalty is per violation.  But, it does not appear the courts considered or were presented with the legislative history, nor did the decisions articulate the reasoning for their statements or engage in any meaningful analysis of the language of section 637.2.  Thus, their dicta should not be binding.  See, e.g., People v. Superior Court, 1 Cal. 4th 56, 66 (1991) (“we must view with caution seemingly categorical directives not essential to earlier decisions and be guided by this dictum only to the extent it remains analytically persuasive”); Kasky v. Nike, Inc., 27 Cal. 4th 939 (“disapprov[ing] as ill-considered dicta” certain statements the Supreme Court had made in a prior decision); People v. Evans, 44 Cal. 4th 590, 599 (2008) (noting with respect to a statement in a prior Supreme Court opinion that “an appellate decision is not authority for everything said in the court’s opinion but only for the points actually involved and actually decided”) (citation omitted); Appel v. Superior Court of Los Angeles County, 214 Cal. App. 4th 329, 340 (2013) (“general observations unnecessary to the decision [] are dicta, with no force as precedent” and that such statements even lack persuasive authority where they were not made in a process that “demonstrates a thorough analysis of the issue”).

A good-faith argument, therefore, can still likely be advanced that section 637.2 does not authorize a penalty per violation but rather only allows a penalty of $5,000 per lawsuit, or up to three times actual damages.  Class action defendants sued under CIPA should consider raising the argument if for no other reason than to preserve the issue for appellate review.

California Penal Code section 632.7 imposes criminal liability and, pursuant to Penal Code section 637.2, civil liability upon persons who intercept or receive a communication involving a cellular or cordless telephone and record the communication without consent.  The section and its sister provision, Penal Code section 632, are popular among class action plaintiffs in California as a means to challenge the business practice of recording customer service calls.   

The appeal of section 632.7 to plaintiffs is that it may not require the subject communication be confidential, unlike section 632. The question is raised, though, if section 632.7 even applies to the parties to a cellular or cordless telephone call.  Subsection (a) of the provision states, in part:

Every person who, without the consent of all parties to a communication, intercepts or receives and intentionally records, or assists in the interception or reception and intentional recordation of, a communication transmitted between two cellular radio telephones, a cellular radio telephone and a landline telephone, two cordless telephones, a cordless telephone and a landline telephone, or a cordless telephone and a cellular radio telephone, shall be punished by a fine [] or by imprisonment in a county jail [].

The provision can plausibly be read to mean that only third parties who intercept or receive a call involving others are subject to the law and that the law does not apply to the parties to the call. 

Unfortunately for defendants, the courts that have addressed the issue have ruled section 632.7 does apply to the call’s participants.  See, e.gSimpson v. Vantage Hospitality Group, Inc., No. 12-cv-04814-YGR, 2012 WL 6025772, at *5-6 (N.D. Cal. Dec. 04, 2012); Simpson v. Best Western Intern., Inc., No. 3:12–cv–04672–JCS, 2012 WL 5499928, at *6-9 (N.D. Cal. Nov. 13, 2012); Brown v. Defender Sec. Co., No. CV 12-7319-CAS PJWX, 2012 WL 5308964, at *4-5 (C.D. Cal. Oct. 22, 2012).  The courts found that the term “receives” in the section shows the provision’s applicability to call participants under the reasoning that during a call the participants “receive” communications from each other.  See, e.g., Best Western, 2012 WL 5499928 at *7-9 (so holding, though recognizing the plausibility that “receives” refers third parties who inadvertently receive communications by happenstance).

But, the federal district court decisions are not binding, and no published California appellate decision has held that section 632.7 applies to the parties to the communication.  Thus, it is still an arguable question in California whether the section applies to the communication’s participants.  The legislative history of the provision suggests it does not.

The Legislative History of Penal Code Section 632.7

The primary concern of the provision’s sponsors was the threat posed to the privacy of communications that travelled over the “airwaves” when either a cellular or cordless telephone was used.  The fear being that technological advances allowed such communications to be intercepted by third parties.  The sponsors felt that innocent interception or reception of a communication travelling over the air should not be punished, but that intentionally recording an intercepted or received call improperly intruded on privacy.  It was believed that Penal Code sections 632.5 and 632.6, which respectively prohibit maliciously eavesdropping on telephone communications over cellular and cordless telephones, did not address calls intercepted without malice but which were recorded. 

The intent of section 632.7 was thus to punish third parties who receive or intercept a call between other parties and record the call.  The author of the law, in explaining its purpose, wrote that there is a lower expectation of privacy for cellular and cordless communications travelling over the air, but that “this does not mean that persons who use cellular or cordless telephones may reasonably anticipate that their conversations will be both intercepted and recorded.”  Author Lloyd G. Connelly’s Statement of Intent, Assem. Bill No. 2465 (1992), p. 1.  (Emphasis original.)  He further explained:

While there may be utility in retaining relatively unimpeded access to the public ‘air waves,’ there is no value in permitting private telephone conversations that employ the ‘air waves’ to be indiscriminately record[ed].  AB 2465 strikes the appropriate balance.  The innocent, merely curious, or non-malicious interception of cellular or cordless telephone conversation will remain legal.  However, it will be illegal to record the same conversationsId.  (Emphasis added.)

That the section is intended to punish only the conduct of strangers to the call is further supported by then Sacramento County District Attorney Steven White who proposed to Connelly legislation in this area.  White advocated that the new statute was needed to “criminalize the recording of an intercepted cordless or cellular phone call.”  Letter to Assembly members Phil Isenberg and Lloyd Connelly (Nov. 5, 1991), p. 2.  He was motivated by a publicized incident in which a third party intercepted and recorded a conversation between two businessmen discussing a deal involving a third businessman. Id

Other contemporaneous pieces of the legislative history further suggest the provision was meant to apply only to calls that were both eavesdropped upon and recorded.  The Department of Finance summarized the bill as creating a new crime for the “willful interception and recording of virtually all types of transmitted communications between cellular telephones, cordless telephones, cellular and cordless telephones, cellular and landline telephones, and cordless and landline telephones.”  Dept. of Finance, Analysis of Assem. Bill No. 2465 (June 1, 1992), p. 1. (Emphasis added.)   The Senate Judiciary Committee in explaining the legal landscape at the time wrote “there is currently no statute prohibiting a person from intercepting and intentionally recording a communication transmitted via cellular or cordless telephones.”  Sen. Judiciary Com., Analysis of Assem. Bill No. 2465 (1991–1992 Reg. Sess.), p. 2. (Emphasis added.)  Assemblyman Connelly’s press release announcing the introduction of the legislation characterized it as “legislation to outlaw the intentional eavesdropping and recording of cellular and cordless telephone conversations.”  Author Lloyd G. Connelly’s Press Release (February 4, 1992), p. 1. (Emphasis added.)  But see Flanagan v. Flanagan, 27 Cal.4th 766, 771 n. 2 (2002) (stating in dictum and without analysis of the legislative history or otherwise that section 632.7 “prohibits intentionally intercepting or recording communications involving cellular telephones and cordless telephones”).   

Absent from the legislative history is an intent to regulate the conduct of the parties to the communication.  Indeed, the Legislature does not appear to have even considered the circumstance where a party to a communication records the communication.  Rather, the overwhelming focus of the legislative history is on third parties who intentionally or by accident receive a call between two other parties. 

Based on the Legislative History, Penal Code Section 632.7 Should Not Apply to the Parties to a Communication

In light of the legislative history, the term “receives” in section 632.7 is best read as not encompassing an intended recipient of a communication (i.e., a party to the call), but rather as referring to third parties who incidentally receive telecommunication signals, such as through the use of scanning equipment or other technology.  If the term “receives” were meant to include anyone who hears a communication including the participants to the call, then the term “intercepts” in the section becomes unnecessary.  One who “intercepts” a communication necessarily “receives” it as well.  A stronger interpretation that reconciles the legislative history with the terms of the provision and avoids superfluity is one that recognizes the term “intercepts” to be a signal of the law’s intent to regulate third party eavesdroppers.  Under this view, the language of the section comprises a cogent whole where “intercepts” refers to intentional eavesdroppers and “receives” refers to accidental eavesdroppers.    

Finally, the inclusion of facsimile transmissions among the communications subject to the law (Penal Code § 632.7(c)(3)), would be odd if the law is intended to apply to the parties to a communication.  A facsimile transmission necessarily results in a recording of the communication.  Under an interpretation where the section applies to the parties to the communication, any fax would subject the recipient, if not both the recipient and the sender, to liability.  This unreasonable result dissipates, however, if the law is understood as penalizing only those who intercept a communication between others.

Ultimately, though some case law may be to the contrary, the legislative history of section 632.7 provides a good faith basis to argue that the section does not apply to the parties to the telephonic communication.  Of course, businesses are best served by not getting entangled in the statute in the first place.  The author would be happy to discuss steps businesses can take to try to avoid suit under sections 632.7 or 632 offline.

According to a documentary filmmaker, the answer to that question is a resounding “Yes.”  Last week, Good Morning to You Productions Corp. (“GMTY”), a New York based film company, filed a class action lawsuit seeking to remove any purported copyright protection for the song “Happy Birthday to You,” as well as recovering all allegedly improper licensing fees collected by the Defendant, Warner Music Group.

Factual Background

We have all sung it and had it sung to us.  Warner Music, however, has apparently been collecting royalties on every commercial use of the song, to the tune of approximately $2 million dollars a year, according to the complaint. Happy Birthday to You, claims GMTY, originates from a song first published by Patty and Mildred Hill in 1893, titled Good Morning to All. Subsequent to that, a set of “Happy Birthday to You” lyrics was published in 1924, with an accompanying piano arrangement in 1935. It was the words plus arrangement for which Warner Music successfully obtained copyright protection. Under federal law, therefore, Warner retains the copyright until 2030, or 95 years after the arrangement was published. The complaint provides great detail on the litigation surrounding the ownership of Happy Birthday to You, but states that no court has determined the actual ownership rights of the song.

GMTY, therefore, claims that “More than 120 years after the melody to which the simple lyrics of Happy Birthday to You is set were first published, defendant Warner/Chappell boldly, but wrongfully, insists that it owns the copyright to Happy Birthday to You, and with that copyright the exclusive right to authorize the song’s reproduction, distribution, and public performances pursuant to federal law.” The complaint goes on to state that GMTY has proof that the song was in circulation in 1901, and that an Indiana school filed for copyright protection in 1912. Thus, goes the complaint, “Defendant Warner/Chappell either has silenced those wishing to record or perform Happy Birthday to You or has extracted millions of dollars in licensing fees from those unwilling or unable to challenge its ownership claims.”

Implications

Copyright challenges to older copyrights have been en vogue in recent years, including challenges to the ownership rights of both Zorro and Sherlock Holmes. If the Plaintiff here is successful in accomplishing its goals of either putting the song into the public domain or retrieving licensing fees collected by Warner Music, this case may serve as a catalyst for more litigation challenging copyright status through Rule 23.  Notably, this case also seeks to utilize California Unfair Competition Law, Cal Bus & Prof Code Sec. 17200, as Warner Music is a California-based entity.

On Tuesday, June 11, 2013, the Seventh Circuit denied comScore’s appeal from the district court’s ruling granting class certification, thereby allowing a class of tens of millions of plaintiffs from around the world to proceed to trial as a class action suit.  In re comScore, Inc., No. 13-8007 (7th Cir. June 11, 2013).

ComScore is an internet research company that monitors the usage of consumers who install comScore’s software and sells the data its collects to its clients who in turn use the data for marketing research and analysis of online behavior. To induce consumers to install its software, comScore bundles the software with free programs such as screensavers and games. Upon downloading the free programs, consumers are simultaneously prompted to download the monitoring software.  During installation of the software, consumers are presented with a Downloading Statement and a link to the User License Agreement which contains terms governing which information the software will collect from users’ computers and how that information will be used. 

ComScore’s monitoring software captures a variety of information about a consumer’s computer such as the names of every file on the computer and information entered onto a web browser, including user names, passwords, credit card numbers, bank account numbers, and phone numbers.  In the Downloading Statement, however, comScore assures consumers that it makes “commercially viable efforts to automatically filter confidential personally identifiable information . . .  and to purge [its] databases of such information.” 

Consumers, Mike Harris and Jeff Dunstan (“Plaintiffs”) brought a putative class action against comScore alleging violations of the Stored Communications Act (“SCA”), the Electronic Communications Privacy Act (“ECPA”) and the Computer Fraud and Abuse Act (“CFAA”) for improperly obtaining and using personal information of consumers after they downloaded and installed comScore’s software.   Specifically, Plaintiffs asserted that comScore exceeded the scope of consumers’ consent to monitoring in the User License Agreement by among other things intercepting confidential personal information and failing to purge the confidential information from its databases.

The District Court’s Opinion

Addressing each of the Rule 23 mandatory requirements, the district court granted certification of a class consisting of “all individuals who have had, at any time since 2005, downloaded and installed comScore’s tracking software into their computers via one of comScore’s third party bundling partners” for all three federal statutory claims. See Harris v. comScore, Inc., No. 11 C 5807, 2013 WL 1339262 (N.D. Ill. Apr. 2, 2013)

Commonality

 Importantly, the district court found numerous questions relevant to the alleged statutory violations could be resolved on a class wide basis.  The court rejected comScore’s argument that the scope of consent provided by the class members was an individualized inquiry, stating that where consent was manifested though the adoption of a form contract, such as the Downloading Statement and User License Agreement, and each class member engaged in a substantively identical process to download the software, the scope of consent determination was common across the class.  Further, the court reasoned that because the ECPA, the SCA and the CFAA only required proof of one incident of the software exceeding the scope of consent to establish a violation, the fact that the data collection varied for each individual depending on their use did not defeat the commonality element because the software collects certain data, such as the names of every file located on a user’s computer, from every user.

Ascertainability

Additionally, the district court ruled that Plaintiffs satisfied the Rule 23 ascertainability requirement, which requires the plaintiff to show that the class members are easily identifiable, despite the fact that at least a portion of class members are identifiable only through submission of individual affidavits. 

In allowing ascertainbility to be determined through a combination of company records and individual affidavits, the district court diverges from recent federal court opinions cautioning against “approving a method that would amount to no more than ascertaining by potential class members say so.”  Marcus v. BMW of North Am., LLC, 687 F.3d 583 (3d Cir. 2012); See also, In re Wal-Mart Stores, Inc. Wage & Hour Litig., No. C 06-2069, 2008 WL 413749, *8 (N.D. Cal. Feb. 13, 2008) (finding that where “Wal-Mart’s database did not provide records of either termination or the dates employees made themselves available for final payment . . . the proposed subclass was not ascertainable”); Deitz v. Comcast Corp., No. C06-06352, *8 (N.D. Cal. July 11, 2007) (finding the class unascertainable where the defendant’s records did not keep track of which subscribers owned cable ready TV boxes); Dumas v. Albers Medical, Inc., No. 03-0640, 2005 WL 2172030, *6 (W D. Mo. Sept. 7, 2005) (finding the class unascertainable where no records exist which would allow the class members to be identified); In re Onstar Contract Litig., 278 F.R.D. 352, 373 (E.D. Mich. 2011) (finding that the class was not ascertainable because very few class members could be identified through the data maintained by Onstar and the remaining member identification would require individual inquiries).

Predominance and Superiority

comScore argued that the statute of limitations raised individual issues which precluded class treatment because the SCA, ECPA and CFAA all had two year statutes of limitations subject to the discovery rule and, therefore, an individualized inquiry would be required to determine when each plaintiff discovered the alleged violation.  The district court, however, disagreed stating that comScore’s data collection is ongoing, therefore, those individuals with the software still installed are still within the limitations period.  Further, the district court reasoned that discovery of the information being collected by the software required analysis of the program’s computer code and it is unlikely that many class members would have the requisite knowledge about computers to discovery the violation thereby triggering the statute of limitations. 

Finally, the district court rejected comScore argument that the issue of whether each individual suffered damage or loss from comScore’s actions precluded certification, finding the SCA and the ECPA provided statutory damages for which only a violation must be established.  The district court further noted that although the CFAA required proof of loss aggregating at least $5000 in value, “individual factual damage issues do not provide a reason to deny class certification when the harm to each plaintiff is too small to justify resolving the suits individually.” 

 Implications

The district court’s decision granting class certification and the Seventh Circuit subsequent denial of comScore’s Rule 23(f) petition creates significant challenges for companies involved with data collection and opens the door for a wave of statutory based privacy class action lawsuits.  We suspect this will not be the last substantive ruling in this case, and will continue tracking the matter and updating our readers.

On April 8, 2013, the United States District Court for the Central District of California denied the plaintiff’s motion for class certification in Torres v. Nutrisystem, Inc., SACV 12-01854-CJC (JPRx), a lawsuit alleging Nutrisystem violated California Penal Code sections 632 and 632.7.

Penal Code section 632 prohibits the surreptitious recording of confidential communications made over a telephone. Section 632.7 prohibits the surreptitious recording of communications involving a cellular phone. Torres alleged that Nutrisystem secretly recorded a confidential cell-phone conversation she had with the company in August 2012. During the class period Nutrisystem did record calls when customers called its 1-800 number, but at the outset of the call it provided a welcome message that disclosed the call may be monitored or recorded for quality and training purposes. However, callers could bypass the disclosure by hitting any button during the welcome message.

In denying class certification, the court found that Torres did not meet the commonality requirement of Federal Rule of Civil Procedure 23(a) and did not satisfy the predominance requirement of Rule 23(b)(3). The thrust of the court’s ruling was that the disclosure during the welcome message undermined the commonality of the class and raised individualized issues as to whether the putative class members had an objectively reasonable expectation of privacy or consented to the recording. Issues such as whether and when class members heard the disclosure and the impact the disclosure may have had on their expectations or consent created uncommon and individualized issues.

But the court also suggested that commonality and predominance may be lacking even absent the disclosure issue. For instance, the court hinted that common issues may be lacking given that it is now well-known that businesses may record customers’ communications with their customer service representatives and that certain customers may therefore expect their calls to be recorded even absent a disclosure that the call may be recorded. The court also stated that even if customers had an expectation of confidentiality, individualized issues may arise as the trier of fact would still need to determine if such expectation was objectively reasonable, which in turn is informed by idiosyncratic facts, such as the length of the class member’s relationship with the defendant and prior interactions with the defendant.

Finally, although the commonality prerequisite was not met in any event, the court also found that Torres did not satisfy Rule 23(b)(2), which allows for class treatment when injunctive or declaratory relief would apply to the class generally. The provision was not satisfied because the issue had become moot as Nutrisystem reconfigured its welcome message so that the pending disclosure could not be bypassed and Nutrisystem was not likely to allow the disclosure to be bypassed in the future.

In its second major decision in two years involving the Song-Beverly Credit Card Act  – which prohibits retailers from obtaining and recording customers’ “personal identification information” as a condition to accepting credit cards for payment of goods or services – the California Supreme Court gave retailers a post-holiday victory when it held in Apple v. Superior Court that California Civil Code section 1747.08 does not prohibit online retailers from obtaining and recording customers’ addresses and telephone numbers as a prerequisite to accepting credit cards as payment for purchases of downloadable items.

Section 1747.08 was enacted and amended in the early 1990s when online commerce did not exist.  The issue before the Supreme Court in Apple was whether the Act applies to online transactions where the product is delivered electronically, such as the delivery of content via Apple’s iTunes® store.  In the opinion issued today, the Supreme Court held that obtaining personal identification information during online transactions for downloadable products does not violate section 1747.08.

The Supreme Court did not consider if the Act applies to online transactions that do not involve electronically downloadable products.  It also did not consider if the Act applies to mail-order or telephonic transactions.  Thus, the Supreme Court’s opinion does not change existing authorities that allow retailers to request addresses and phone numbers in order to deliver products to their customers.  Nevertheless, it is important to recognize the bounds of the Supreme Court’s opinion.  The reasoning behind the decision is that obtaining and recording personal identification information may be necessary to prevent fraud.  To the extent retailers obtain and record such information for purposes other than preventing fraud or for a special purpose incidental but related to the credit card transaction, such as shipping, they still risk violating the law.