A recent decision from the Northern District of California on a motion to dismiss examined consent and other key privacy issues. The putative class action claimed that payment processing company Stripe Inc. collected and used personal information from visitors to merchant partners’ websites in violation of various privacy laws, including the California Invasion of Privacy Act, Florida Security of Communications Act, and Washington’s wiretap law.
Stripe moved to dismiss based on plaintiffs’ consent to the challenged collection and uses, among other grounds. On July 28, 2021, Judge Yvonne Gonzalez Rogers partially granted and partially denied Stripe’s motion.
The court declined, however, to find at the pleading stage that plaintiffs also consented to Stripe’s alleged dissemination of their personal information to other third parties, such as Stripe’s own merchants and other customers. On that basis, the court allowed plaintiffs’ privacy claims to proceed under the California constitution, common law, and the “unfair” prong of California’s Unfair Competition Law.