A California federal district court recently granted in part the dismissal of certain federal and state privacy claims, including a California Consumer Privacy Act (“CCPA”) claim, in Hayden v. The Retail Equation, Inc., No. 8:20-cv-01203 (C.D. Cal.).  Plaintiffs in Hayden alleged that twelve retailers unlawfully shared customer data with a computer software firm, The Retail Equation (“TRE”), which in turn created “customer risk scores” to identify potentially fraudulent customer returns.  This customer risk score was alleged to include information about the customers’ purchase histories, information gleaned from social media, as well as personal information, including name, government identification card or passport information, address, sex, race, and date of birth.  TRE and the retailers sought dismissal of: (1) the Fair Credit Reporting Act (“FCRA”) claim; (2) the CCPA claim; (3) the California invasion of privacy claim; (4) the Unfair Competition Law (“UCL”) claim; and (5) unjust enrichment claim.  The Court dismissed all but the invasion of privacy claim.

First, as to the FCRA claim, the court held that the alleged activities did not meet the statutory definition of a “consumer report” under the FCRA.  Specifically, the court highlighted that the customer risk score does not bear on plaintiffs’ eligibility for credit, and the retailers are not issuing any credit to the plaintiffs by deferring any payment or debt.  The court reached this conclusion despite the fact that TRE describes itself as “consumer reporting agency” producing “consumer reports.” 

Second, the court dismissed the CCPA claim.  The Court held that disclosure of customers’ non-anonymized data was not the result of a failure to implement and maintain reasonable security measures, which would be actionable under the CCPA, but was rather a business decision to combat retail fraud.  In sum, the court found the CCPA inapplicable because plaintiffs did not allege that the retailers violated their duties as they relate to security procedures and practices, and, for the non-California plaintiffs, that the CCPA was only actionable as to California residents.

Third, the court declined to dismiss the invasion of privacy claim.  First, the court found that plaintiffs properly alleged a reasonable expectation of privacy.  Distinguishing it from routine commercial behavior, the court pointed to data collected from social media, and highlighted that this information is thereafter combined with transactional data to create individual profiles.  Second, the court concluded that the plaintiffs had properly alleged that the data collection was highly offensive, where plaintiffs had argued that risk score penalizes a consumer’s association or relationship with certain individuals based on the inclusion of social media information, and that, in any event, the resolution of this determination was better resolved beyond the pleading stage.

 Lastly, the court dismissed the UCL and unjust enrichment claims because there is an adequate remedy at law in light of the court’s ruling as to the invasion of privacy claim.  

Tags: Data Privacy, Litigation, privacy, technology
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Megan Rodgers Megan Rodgers

Megan Rodgers is a partner in Covington’s litigation practice who focuses her practice on high-stakes complex litigation in federal and state courts, with a particular focus on mass torts and class actions in the technology and life sciences industries.

Megan is known for…

Megan Rodgers is a partner in Covington’s litigation practice who focuses her practice on high-stakes complex litigation in federal and state courts, with a particular focus on mass torts and class actions in the technology and life sciences industries.

Megan is known for navigating especially complex cases and successfully taking cases from pre-trial through jury verdicts. As a member of multiple trial teams, she has experience conducting trial examinations, arguing directed verdict and other dispositive motions, preparing expert and fact witnesses for deposition and trial, presenting in jury exercises, and developing case strategy. Most recently, she defended a pharmaceutical distributor against mass tort claims alleging public nuisance in a six-month bench trial in the opioids litigation. As a class action litigator, Megan uses her trial experience to shape strategy early on in a way that sets clients up for success at the class certification stage.

Megan was recently named a “Lawyer on the Fast Track” by The Recorder, recognized by the Daily Journal in its “Top 40 Under 40” feature, and named a “Rising Star” by Law360.

Watch: Megan provides insights on class action litigation, as part of our Navigating Class Actions video series.

 

Read more about Megan RodgersEmail
Show more Show less
Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.

Read more about Kathryn CahoyEmail
Show more Show less