Duane Morris Class Action Review - 2023 - Report - Page 254
D.
Other Privacy Class Action Rulings
The jurisprudence in other states’ privacy class actions is limited as compared with the
BIPA. However, as those states’ laws evolve in the next several years, we anticipate a
similar uptick in rulings as compared with the last four years under the BIPA.
In Chien, et al. v. Bumble Inc., 2022 U.S. Dist. LEXIS 211096 (S.D. Cal. Nov. 17, 2022),
plaintiff filed a class action alleging that the defendants allegedly collected, used, and
disclosed users' personally identifiable information (PII) and biometric information
through an internet-based dating application called Bumble (App) in violation of the
California Consumer Protection Act (CCPA). The plaintiff further asserted that the
defendant failed to conduct security checks, and thus a third-party group was able to
“repeatedly probe the server for information on Bumble users.” Id. at *6. The defendants
filed a motion to dismiss pursuant to Rule 12(b)(2) for lack of personal jurisdiction and a
motion to compel arbitration. The court granted in part the motion to dismiss, and
granted the motion to compel arbitration. The defendants contended that they all have
principal places of business in Austin, Texas and were incorporated in Delaware. The
court found that the alter ego theory did not apply to the defendants Bumble Inc. or
Buzz Holdings such that Bumble Trading's actions could be imputed to them. The court
also analyzed whether any remaining defendant maintained such minimum contacts
with the State of California such that it has “purposefully availed [itself] of the privilege of
conducting activities in the forum, thereby invoking the benefits and protections of its
laws.” Id. at *17-18. The plaintiff asserted that Bumble's activities aimed at California
were purposeful and systemically exploited the California market such that Bumble
purposefully availed itself to the laws of California. The plaintiffs further contended that
that Bumble Inc. had an active role in operating, developing, marketing, and controlling
the App, which the defendants disputed. The court found in favor of the plaintiff. It
opined that there was sufficient evidence that Bumble Inc. was involved. Accordingly,
the court found Bumble Inc. also had purposely directed its activities toward California in
light of Bumble Inc.'s role as a parent corporation. The court further determined that the
defendants’ forum-related activities were at least related to, if not causally connected to,
the alleged data breach and the plaintiff’s corresponding claims of injury to users
residing in California. The court therefore concluded that the defendants’ purposefully
directed activities at the forum State and plaintiff’s claims arose out of and/or related to
these forum-related activities, such that the court had specific jurisdiction over the
defendants. However, the court reasoned the parties entered into a valid arbitration
agreement with a delegation clause, which the plaintiff failed to challenge. The court
thus found that there was clear and unmistakable evidence that the parties agreed to
arbitrate, and granted the motion to compel arbitration.
In Ji, et al. v. Naver Corp., 2022 U.S. Dist. LEXIS 179263 (N.D. Cal. Sept. 30, 2022),
Plaintiffs filed a class action alleging that the defendants’ apps, LINE Messenger and
B612, collected privacy and personally identifiable user information without users’
consent in violation of the California Right to Privacy Act, the California False
Advertising Law, California Invasion of Privacy Act, the Electronic Communications
Privacy Act, the Computer Fraud and Abuse Act and the BIPA. The defendants filed
three separate motions to dismiss pursuant to Rule 12(b)(2) and 12(b)(6). The court
253
© Duane Morris LLP 2023
Duane Morris Class Action Review – 2023