Edward J. Davila
SAN FRANCISCO - A federal judge has pulled the plug on a class action accusing Apple of violating customers’ privacy rights, claims that rested on allegations of collecting and using data even after the users set device parameters they thought would shield their information.
U.S. District Judge Edward Davila issued a ruling granting Apple’s motion to dismiss the amended complaint, which he noted was largely unchanged from the first consolidated complaint he largely dismissed in September 2024. The notable differences were a decrease in named plaintiffs — from 15 to 10 — and that the amended complaint focused only on a setting about sharing data analytics, while abandoning reliance on a setting called “Allow Apps to Request to Track.”
But “the core facts have not changed,” Davila wrote, meaning the action still centers on customers’ use only of Apple software and not third-party applications. The plaintiffs said they believed by turning off the share analytics setting they could “disable the sharing” of such data altogether, but claimed that wasn’t the case when using the App Store, Music, AppleTV or the Books and Stocks apps, among others.
Davila said Apple asked him — and he agreed — to take notice of four additional documents beyond the 17 included in the prior dismissal motion: the Game Center welcome and settings screens, a Jan. 27 Game Center & Privacy disclosure and the center’s developer page.
Apple sought dismissal of California Invasion of Privacy Act claims, including allegations it eavesdropped or recorded confidential communication and used a pen register; alleged violations of the Pennsylvania Wiretapping and Electronic Surveillance Act; an alleged California Constitution privacy invasion claim, as well as violations of the state’s unfair competition law, breach of implied contract and unjust enrichment.
The pen register claim was new, Davila said, explaining the law defines that term as “a device or process that records or decodes dialing, routing, addressing, or signaling information transmitted by an instrument or facility from which a wire or electronic communication is transmitted, but not the contents of a communication.”
Apple argued a register has to be separate from whatever is transmitting the communications but said the apps in question are the source of the challenged communications. The plaintiffs countered by arguing their complaint targeted only certain processes within the apps, not the entire piece of software.
Davila said the opposition brief’s legal theory differs from the complaint, where the “allegations clearly identify Apple’s apps as the recording devices or processes, not some undefined processes within those apps.” He further said the plaintiffs “seemed to change their theory once again at the hearing on Apple’s motion to dismiss” by saying both the processes and the app are the alleged pen register.
Regardless, Davila said the claim fails because he agreed the legal “definition of ‘pen register’ necessarily applies only to a device or process separate from the source of the transmitted communications. To interpret the statute otherwise would lead to absurd results.”
He distinguished the Apple litigation from actions regarding third-party tracking technology embedded in websites and explained “Apple’s first-party apps and their underlying processes are a part of the source of the transmitted communications, which is enough to disqualify them from being pen registers.”
Davila rejected Apple’s argument the pen register law doesn’t apply to internet communications and didn’t grant dismissal on that point, nor did he accept Apple’s position the provision applies only to law enforcement agencies. However, he agreed with Apple that the complaint essentially tried to bring claims under contradictory sections of state law by at once alleging the apps recorded “communications” and later claiming the same apps only logged “dialing, routing, addressing or signaling information.”
Because the plaintiffs didn’t indicate one of the legal theories was meant only as an alternative, Davila found them to be “inconsistent allegations” that also provided grounds for dismissal. Although he expressed doubt they could plead a viable pen register claim, he did allow the plaintiffs leave to amend that portion of the complaint.
Turning to the CIPA claims, Apple renewed its argument the complaint didn’t identify any “confidential” data or a “communication” that centered the eavesdropping or recording allegations. The plaintiffs didn’t dispute they used client devices to request services from Apple servers, but insisted the fact they withdrew consent through the analytics setting let them reasonably believe no usage data would go to Apple.
“Consumers may hold a subjective expectation that no usage data would be sent to Apple, but that expectation is objectively unreasonable,” Davila wrote, saying his earlier findings still “apply with equal force,” adding that almost all the data the plaintiffs allege Apple collects “is of the kind one would expect Apple would need to collect” in order for the software to function.
Davila further said the amended complaint doesn’t contain sufficient specificity to establish the “communication” claim despite inclusion of search terms and URLs. He said looking up apps by name or search stock symbols “does not necessarily convey thoughts and ideas” and although the plaintiffs alleged Apple collected web addresses of referral and destination sites, they didn’t please the specific texts of what Apple collected rendering him “unable to infer that they contained users’ thoughts and ideas.”
One plaintiff, Carla Green, alleged she used search terms like “roommate” or “used cars,” which goes beyond typical browsing and make her the only one to allege Apple collected her “communication.”
Regarding the Pennsylvania law, Davila said the amended complaint still lacks details allowing the inference that collected information exceeded basic data. He also said the plaintiffs couldn’t allege their devices were the equipment “intercepting” communication.
As to California privacy law, Davila said the amended “allegations still miss the mark” by failing to show Apple subverted a reasonable privacy expectation. He said he’d already agreed turning off analytics sharing would create the assumption Apple would stop collecting some amount of data but rejected the new allegation that “this reasonable expectation of privacy covers data that is ‘unnecessary’ to the functioning of Apple’s apps. …
“First, plaintiffs do not clearly differentiate in their allegations what data are ‘necessary,’ and which are ‘unnecessary,’ nor do they substantiate the premise that Apple’s apps do not require the ‘unnecessary’ data elements to function,” he wrote. “IP latitude and IP longitude, for example, are required by certain apps that provide location-specific services. And date of birth is likewise necessary for apps providing age-restricted services. Second, even if they had made a clear distinction, plaintiffs have not demonstrated that the data they deem ‘unnecessary’ is highly sensitive.”
Davila said the plaintiffs also failed to cure their unfair competition allegations, as well as those for breach of implied contract and unjust enrichment. He finally agreed to dismiss, with prejudice, all claims based on Apple’s Game Center, noting the company argued the center isn’t an app and also that none of the plaintiffs alleged they personally used that function.
While again expressing doubt any of the complaint could be successfully amended, Davila granted another 30 days to refile “out of an abundance of caution.”
Plaintiffs are represented in the case by attorneys from the firms of Bursor & Fisher, of Walnut Creek and New York; and Lynch Carpenter LLP, of Pasadena and Pittsburgh.
