A California federal judge has denied class certification in a data privacy lawsuit against Yodlee, Inc., finding that the proposed class representatives lacked Article III standing and failed to satisfy Rule 23’s typicality and adequacy requirements. Covington represents Yodlee in this action. Clark v. Yodlee, No. 20-cv-05991-SK (N.D. Cal.)
Plaintiffs filed the putative class action complaint against Yodlee in August 2020, alleging that Yodlee – a technology company that provides business-to-business services to financial institutions and fintech clients – unlawfully collected, stored, and used bank transaction data and account information from consumers who used Yodlee’s Instant Account Verification (“IAV”) service to link bank accounts to various financial apps. By the class certification stage, the case had been narrowed to five plaintiffs asserting claims against Yodlee for violation of California’s Anti-Phishing Act (“CAPA”), invasion of privacy under the California Constitution and common law, and unjust enrichment.
Plaintiffs moved to certify a nationwide class and a California class. After full briefing, supplemental briefing, and oral argument, the district court denied plaintiffs’ motion in its entirety on the grounds that the proposed class representatives lacked Article III standing and also failed to demonstrate typicality or adequacy. Specifically, the court concluded there was no evidence that Yodlee had collected bank transaction data for any of the proposed class representatives, which data was central to plaintiffs’ claims and the sole basis for their compensatory damages theories. The court further concluded any claims by these proposed class representatives “would not be reasonably co-extensive with absent class members.” The court applied well-established precedent on standing and typicality/adequacy in holding that the case could not proceed as a class action.