Website analytics tools targeted in wiretapping lawsuits, such as pixels, often allow businesses to shield or mask collected data to avoid the transmission of sensitive data.  A California federal judge recently dismissed a wiretapping complaint filed against Google that glossed over this nuance “to the point of seeming intentionally slippery” in John Doe I, et al. v. Google LLC, 23-cv-02431, 2024 WL 3490744 (N.D. Cal. July 22, 2024).

The twelve plaintiffs in this case claimed that their healthcare providers installed Google technology on their websites, including Google Analytics, to track and collect data about their website activity for advertising purposes.  Among the data allegedly collected was the plaintiffs’ “personal health information.”  Plaintiffs filed a complaint against Google, asserting a mix of privacy claims, including under the California Invasion of Privacy Act (“CIPA”).  According to the plaintiffs, Google unlawfully wiretapped the plaintiffs’ communications with their healthcare providers’ websites, obtaining allegedly sensitive health data in the process.

Judge Chhabria dismissed the complaint in its entirety.  The dismissal was without prejudice, but Judge Chhabria voiced skepticism about the plaintiffs’ ability to successfully amend and granted leave to do so only “in an abundance of caution.”  Judge Chhabria identified the following “three overarching problems with the complaint.”

  • No Identification of the Specific Webpages with Pixel Installed:  The plaintiffs failed to identify “whether the source code” for Google’s pixel tools “is placed on web pages where it doesn’t belong”—i.e., where a user may provide personal health information.  This is important, Judge Chhabria reasoned, because “the source code can exist on one page of a website but not another.”  The complaint therefore rested on the flawed “assum[ption] that because there is Google source code somewhere on the health care providers’ web properties, that automatically results in Google intercepting any interaction the plaintiffs have had with that website.” 
  • No Allegations About How the Pixel Was Configured:  Even if the pixel tools were installed on webpages where a user may provide health information, there were no allegations that the pixel tools were configured to collect that information.  Instead, the plaintiffs merely alleged that businesses “could configure and use” the tools “in a way that would cause personal health information to be transmitted to Google,” without any factual allegations “about how the plaintiffs’ various [health] providers are actually using Google’s products.”
  • No Intent To Acquire Plaintiffs’ Health Information:  Finally, even if health data were transmitted through the pixels, the plaintiff failed to allege that Google intended to receive this information.  According to the complaint, Google “admonished” healthcare providers using its pixel tools “not to use the source code in a way that causes users’ personal health information to be transmitted to Google.”  Judge Chhabria rejected the plaintiffs’ characterization of these admonitions as “self-serving” because the plaintiffs “offer no support for their assertions that Google’s instructions are just a ruse to mask the company’s true objectives.”

This decision reinforces that plaintiffs seeking to pursue wiretapping claims must plead facts that plausibly support the elements of the claim.  They cannot simply rely on conclusory allegations or allegations regarding how a website or technology could be configured. 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Austin Riddick Austin Riddick

Austin Riddick is an associate in the firm’s Washington, DC office. He is a member of the Class Actions Practice Group.

Austin also maintains an active pro bono practice focused on criminal justice and civil rights issues.

Photo of Matthew Verdin Matthew Verdin

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in…

Matthew Verdin focuses on defending clients in the technology and financial services sectors. He has a strong record of delivering wins on behalf of clients in class actions and complex litigation, particularly in privacy and consumer protection lawsuits. Matthew is particularly successful in securing dismissals at the pleadings stage. For example, he won dismissal at the pleadings stage of over a dozen wiretapping class actions involving the alleged use of website analytics tools to collect data about users’ website visits. He also advises companies on managing litigation risk under federal and state wiretapping laws.

Matthew is also dedicated to pro bono legal services. Recently, he helped a domestic violence survivor win a case in the California Court of Appeal. Matthew’s oral argument led to the court ordering renewal of his client’s restraining order just one day later.