The Northern District of California yesterday denied class certification to a group of plaintiffs suing Google over the company’s practice of scanning emails for advertising purposes in its Gmail service.
Judge Lucy H. Koh held that individualized issues of consent would predominate over any common issues of law in the litigation, and denied Plaintiffs’ request to certify four classes and three subclasses of plaintiffs.
Plaintiffs sought to bring claims under the federal Wiretap Act and analogous state anti-wiretapping statutes.
Plaintiffs contend that Google’s practice of scanning emails for advertising purposes violates these anti-wiretapping laws because the practice involves Google’s “interception” of users’ communications. The Wiretap Act prohibits the interception of wire, oral, or electronic communications, but contains several exceptions that render such interceptions lawful, including an exception based on the consent of one of the parties to the communication. The state anti-wiretapping laws contain similar exceptions, though the consent exceptions in some states require the consent of all parties to the communication.
The Court found that “individualized questions with respect to consent, which will likely be Google’s principal affirmative defense, are likely to overwhelm any common issues” Accordingly, it held that none of the proposed classes could satisfy the requirement that common issues of law predominate over individual issues for a case to proceed as a class certification.
The Court found that a putative Google Apps for Education class of plaintiffs would face significant questions about any express consent they may have given to Google’s scanning practices, because Google “had no single policy that required all Google Apps Administrators to provide the same disclosures to end users.” This “diversity of disclosures” would require “substantial individualized inquiries on the issue of express consent,” the Court found, defeating any claim that class issues would predominate.
Similarly, the Court held that claims advanced by the other proposed classes would require substantial individualized inquiries into the issue of implied consent. The Court agreed with Google that “a broad swath of evidence that email users were notified of the interceptions, such as Google disclosures, third-party disclosures, and news articles, are relevant to the factual question of implied consent.” This “panoply of sources” would require a fact-finder to “evaluate which of the various sources each individual user had been exposed [to] and whether each individual ‘knew about and consented to the interception’ based on the sources to which she was exposed,” the Court found.
Because it held the classes did not satisfy the predominance requirement, the Court did not address the other elements required to achieve class certification. The Court also denied Plaintiffs’ request to be allowed to amend their complaint to certify a class seeking injunctive relief.
The decision will no doubt be described as a landmark in online privacy litigation, much of which involves laws that, like the anti-wiretapping statutes here, contain consent exceptions that render class-wide treatment of claims inappropriate. The Court’s decision presents a significant obstacle to the plaintiffs’ success in online privacy cases.