The plaintiffs’ bar continues to march forward in bringing privacy-related class actions. As we’ve written before, companies have often been able to defeat such lawsuits at the pleading stage when plaintiffs cannot allege that they suffered a harm that was concrete or cognizable. But that trend has not been universal: In a recent case involving Apple, the federal court for the Northern District of California refused to dismiss the majority of claims, in large measure because the plaintiff alleged that she relied on the company’s online representations concerning the privacy and security of personal information.
In Pirozzi v. Apple, Inc. (pdf), the plaintiff alleged that Apple acts as a “gatekeeper” in reviewing and screening the apps it makes available for download in its App Store. According to the second amended complaint, Apple’s App Store Review Guidelines state that third-party apps “cannot transmit data about a user without first obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.” Apple also requires all app developers to agree to its iOS Developer Agreement, which requires developers to follow this policy. In addition, the plaintiff alleged that, at the time she was considering whether to purchase an iPhone, Apple’s website said that “[a]ll apps run in a safe environment, so a website or app can’t access data from other apps.”
Despite these agreements and online statements, plaintiffs alleged that some apps (including popular ones like Facebook and Angry Birds) accessed users’ contacts, location data, and private videos and photographs without user consent. The plaintiff alleged that if she had known “that the apps would be able to potentially steal her private photos and contacts she would not have downloaded the apps and would not have paid as much as she did for the iPhone, or would not have purchased the iPhone” at all.
In arguing that the plaintiff lacked standing under Article III of the U.S. Constitution as well as California’s consumer protection statutes, Apple contended that the plaintiff failed to allege that she suffered a “non-speculative injury.” But the court concluded that it was “enough” for the plaintiff to allege that “that she was ‘misled as to the nature and integrity of Apple’s products’” based on Apple’s online representations about app privacy and security. The court concluded this was a “palpable economic injur[y]” because plaintiff was able to point to a specific online statement that she found material in her decision to purchase the Apple iPhone and apps. And the alleged reliance on such a statement also sufficed, in the court’s view, to satisfy the requirement that claims of fraud be pleaded with particularity.
The court apparently saw a difference between Pirozzi’s claims and the long line of cases in which claims were dismissed when a plaintiff could not identify concrete harms resulting from the allegedly improper disclosure of private information. The deciding factor, it seems, was that Pirozzi could point to specific online statements that (she says) led her to pay more for an iPhone than she would have without those statements. Does this decision signal a broad changing of the tide in privacy cases? We don’t think so. But it should remind companies to reexamine their online statements (including relevant contract terms and privacy policies) to ensure that those statements are in fact consistent with company and industry practice.