Pirozzi sued Apple for failing to prevent third-party
software applications distributed through its online App Store from uploading
user information from their mobile devices without permission. She alleged the usual California claims. Apple moved to dismiss, and the court granted
the motion, though with leave to amend; the court also rejected Apple’s broad
§230 arguments.
Pirozzi alleged that apps are integral to users’ experiences
on Apple devices, and that the App Store was the exclusive source of apps. Apple thus completely controls users’
experience in the development of Apple devices and the development and
selection of available apps.
In addition, Apple’s App Store Review Guidelines provide
that “Apps cannot transmit data about a user without obtaining the user's prior
permission and providing the user with access to information about how and
where the data will be used.” Third
parties are contractually required to obtain user consent before they collect
any user or device data through their apps.
Apple states that it reviews all apps submitted to the App Store for
compliance with its rules. It also
claims that its OS “is highly secure from the moment you turn on your iPhone.
All apps run in a safe environment, so a website or app can't access data from
other apps. iOS also supports encrypted network communication to protect your
sensitive information. To guard your privacy, apps requesting location
information are required to get your permission first.”
Notwithstanding these claims, Pirozzi alleged, “Apple-approved
apps have downloaded and/or copied users' private address book information
(including names and contact information of users' contacts), location data,
private photographs and videos without the users' knowledge or consent when a
user agrees to allow an app to access the user's then current locations.” Such apps allegedly include Angry Birds, Cut
the Rope, Twitter, Facebook, LinkedIn, Instagram, Foursquare, and Yelp!
Pirozzi alleged that she relied on Apple’s statements when
deciding to buy an Apple device and buy apps.
However, she didn’t specify which Apple device she owned, which apps she
downloaded, or whether any third-party app actually uploaded personal
information from her mobile device.
Apple challenged Pirozzi’s standing on the ground that she
failed to allege that she lost money or that any third-party app uploaded her
personal information. But that
misconstrued the nature of her allegations: that Apple’s misrepresentations and
omitted material facts induced her purchases.
This type of allegation satisfies the injury in fact and causation
requirements for Article III standing.
However, Pirozzi failed to allege specifically which statements were
material to her purchase decisions, which meant she hadn’t properly alleged
injury in fact caused by the complained-of conduct. (Apple submitted various documents that it
argued precluded these claims because of the disclosures therein; this might
create an issue of fact as to reasonable reliance, but the disclosures didn’t
contradict the representations alleged in the complaint.)
As for the second type of harm identified, misappropriation
of her personal information, Pirozzi didn’t allege that a third-party app
developer actually misappropriated her personal information, only that it was
now at greater risk of misappropriation.
This hypothetical threat was insufficient to confer Article III standing
as to her negligence and unjust enrichment claims, absent allegations of
specific apps that tracked her personal information and harmed her in some way.
Apple then argued that CDA §230 precluded the claims against
it because, since misappropriation of users’ information was the heart of the
case, Pirozzi was seeking to hold Apple liable for its exercise of editorial
discretion in approving and distributing apps.
Not so: the claims were not based solely on the distribution of apps,
but on representations made by Apple itself.
“To the extent that Plaintiff's claims allege that Apple's
misrepresentations induced Plaintiff to purchase an Apple Device, those claims
do not seek to hold Apple liable for making Apps available on its website.” Instead, Apple was itself an information
content provider as to those claims.
Still, on the record before the court, it would be premature to reject
§230 immunity entirely.
Next, the consumer protection claims were grounded in fraud,
but they didn’t satisfy Rule 9(b).
Pirozzi failed to allege the particulars of her own experience reviewing
or relying upon any of the statements detailed in the complaint, or which
devices or apps she bought in reliance thereon, or which apps, if any,
downloaded her personal information. The
court declined to decide at this point whether any of Apple’s alleged
representations was a specific verifiable claim.
Apple then argued that the CLRA claim failed because App
Store users weren’t consumers and the apps weren’t goods or services. The use of the App Store was free and the
apps listed in the complaint were free.
(Angry Birds? I don’t know about
you, but they keep asking me to buy stuff.)
Thus, Pirozzi wouldn’t have paid for Apple’s services or software. Pirozzi argued that her CLRA claim was
premised on her purchase of goods, here Apple devices; the complaint didn’t say
that, but she was given leave to amend.
As to negligence, Pirozzi alleged that “Apple owed a duty to
Plaintiff to protect her personal information and data, and to take reasonable
steps to protect her from the wrongful taking of her personal information and
the wrongful invasion of her privacy.”
Apple argued that it owed no such duty to protect her from the conduct
of third parties. Pirozzi rejoined that
Apple’s control over the user experience from development of the devices to
selection of the available apps created a special relationship between the
parties, and that Apple undertook this duty by committing to review all apps for
adherence to its policies. The court
found that these allegations were insufficient to allege an independent legal
duty on Apple’s part. Likewise, her
allegations that Apple was unjustly enriched failed to sufficiently allege that
Apple received a benefit from the unauthorized access to private user
information.