The United States District Court for the Northern District of California has denied Google’s motion to dismiss the ECPA claims asserted against it in In re Google Inc. Gmail Litigation, No. 13-MD-02430 2013 WL 5423918 (N.D. Cal. Sept. 26, 2013). This decision provides a road map to plaintiffs’ lawyers and has already resulted in the filing of follow-on, copycat lawsuits.
The In re Google Plaintiffs allege that “since 2008, Google has intercepted, read, and acquired the content of emails that were sent or received by Gmail users while the emails were in transit.” Plaintiffs claim that Google intercepted these emails “to serve [its] profit interests” in a manner unrelated to its e-mail services – more specifically, so that the intercepted content could be used to inform Google’s targeted advertising and to create user profiles and models. Based on these allegations,Plaintiffs assert ECPA claims (as well as claims under state wiretapping statutes) and seek certification of, among other classes, nationwide classes that includes both certain Gmail users and certain individuals who are not Gmail users but who have either sent an email to a Gmail user and received a reply or received an email from a Gmail user.
In ruling on Google’s motion to dismiss the ECPA claims, the Court first addressed Google’s argument that it was exempted from liability under the statute because it read class members’ emails “in the ordinary course of business.” Because the complaint alleged that the “interception of email content is primarily used to create user profiles and to provide targeted advertising,” the Court focused on whether such actions were, in fact, “ordinary” parts of Google’s business. The Court cited ample precedent “that not everything that a company may want to do falls within the ‘ordinary course of business’ exception.” The Court then looked to the ECPA’s statutory scheme and legislative history and concluded “that Congress did not intend to allow electronic communication service providers unlimited leeway to engage in any interception that would benefit their business models.” Ultimately, the Court held that the “alleged interceptions are neither instrumental to the provision of email services, nor are they an incidental effect of providing these services” and, accordingly, that the ordinary course of business exception did not apply.
The Court next addressed Google’s argument that all Gmail users had expressly consented to Google reading their emails, and the putative class members who were not Gmail users impliedly consented to Google’s interception by sending or receiving an email to or from a Gmail user. The Court rejected Google’s arguments with respect to its users, finding that Google’s terms of service and privacy policies “did not explicitly notify Plaintiffs that Google would intercept users’ emails for the purposes of creating user profiles or providing targeted advertising.” The Court also rejected Google’s implied consent argument for non-Gmail users, finding that such an interpretation of the law “would eviscerate the rule against interception.” The Court conducted similar analysis of the various state law claims alleged, granting the motion in part but largely rejecting Google’s arguments.
The Court’s ruling here opens to door for similar lawsuits against internet service providers challenging so-called “data mining” and targeted marketing practices. Indeed, within days of this decision, a similar complaint was filed against Yahoo, Inc., alleging that it illegally read, copied, and analyzed emails in order to make money on targeted advertising, profiling, data collection and other services. Kevranian v. Yahoo, Inc., 13-cv-04547 (N.D. Cal. Oct. 2, 2013) It is important to remember that the In re Google decision is only a ruling on a motion to dismiss, where Plaintiffs allegations must be taken as true and pleadings must be construed in a light most favorable to Plaintiffs. Whether Plaintiffs will ultimately be able to prove the claims they assert (or obtain class certification) is an issue for another day
The Court granted Google’s motion to dismiss 1) plaintiffs’ California Penal Code § 632 claim, finding that the communications at issue were not “confidential” as the statute requires; and 2) claims under Pennsylvania law raised by plaintiffs who received emails from Gmail users, as Pennsylvania law only protects the sender from wiretapping.