Consumers may move forward with their suit against Yahoo for scanning e-mail messages in order to display relevant ads, a federal court judge in California ruled when she certified two classes of plaintiffs in the case.
Individuals across the country filed multiple lawsuits against Yahoo after news reports revealed that the company intercepted and reviewed messages in order to provide targeted ads. While the company’s terms of service disclosed that the company scans e-mails, the plaintiffs state that they actually did not have Yahoo accounts themselves and therefore never consented to having their messages scanned.
The plaintiffs moved to certify a class seeking injunctive and declaratory relief for violations of the federal Stored Communications Act (SCA) and California’s Invasion of Privacy Act (CIPA).
Yahoo objected that certification was inappropriate because plaintiff consent must be viewed on a case-by-case basis.
But U.S. District Court Judge Lucy Koh disagreed and certified a nationwide SCA class as well as a subclass of California residents under CIPA.
The court rejected Yahoo’s contention that the plaintiffs lacked standing based on the fact that it continued to send e-mails to Yahoo subscribers, even after they learned about the spying program.
This “overly narrow” proposition in the consumer protection context “would have the functional effect of eliminat[ing] injunctive relief altogether for victims of alleged violations of the SCA and CIPA,” the court said. “Under Yahoo’s proposed rule, to be eligible for injunctive relief, Plaintiffs would then have to cease receiving and sending e-mails to Yahoo Mail subscribers in order to avoid consenting to Yahoo’s future conduct. However, Plaintiffs must also show ‘a real and immediate threat of repeated injury in the future.’ Yahoo does not explain how Plaintiffs could both avoid ‘consenting’ to Yahoo’s conduct while simultaneously establishing a ‘real and immediate threat’ that Plaintiffs’ e-mails would be subject to Yahoo’s interception and use.”
Once the court established that the plaintiffs had standing, it reviewed the Rule of Civil Procedure 23(a) factors—numerosity, commonality, typicality, and adequacy—and found the class had satisfied each element. An estimated class of “hundreds of thousands” was more than sufficient for numerosity, and the plaintiffs shared at least one question of fact or law with the prospective class, the court said.
Both of the plaintiff’s claims—violations of the SCA and CIPA—will require resolution of the same issue for all class members, Judge Koh said, and questions of consent will not overwhelm the inquiry as to whether Yahoo intercepts e-mails to and from non-Yahoo mail subscribers.
“Although Yahoo may be correct that consent could present legal and factual questions that are not common to the proposed class, that observation does not bear on whether plaintiffs have identified other common legal and factual questions that are significant to plaintiffs’ claims and capable of class-wide resolution,” the judge wrote.
Typicality and adequacy of class representation were also satisfied, the court said. Judge Koh was not persuaded by Yahoo’s position that the failure to seek monetary relief indicated that the class representatives were poor choices.
Reviewing the Rule 23(b)(2) requirements, the court again found the class passed muster. Yahoo’s insistence that consent could not be determined on a class-wide basis did not recognize the fact that even if some class members have not been injured by the challenged practice, a class may nevertheless be appropriate.
“Yahoo may have to, as a practical matter, adjust its scanning practices on an individual basis,” Judge Koh wrote. “That does not, however, change the fact that Plaintiffs seek uniform relief from a common policy that Yahoo applies to all class members.”
The court certified two classes in the suit: (1) a nationwide group of individuals who are not Yahoo Mail subscribers and who sent or received e-mails from a Yahoo mail subscriber dating back to October 2, 2011 (the SCA class); and (2) a CIPA class made up of California residents who are not Yahoo Mail subscribers and who sent or received e-mails from a Yahoo Mail subscriber since October 2, 2012.
Other states had an interest in applying their own wiretap laws to the claims at issue, Judge Koh noted, so a nationwide class for CIPA claims would be inappropriate.
To read the order in Holland v. Yahoo, click here.
Why it matters: Judge Koh’s decision came as somewhat of a surprise, since she reached a different conclusion last year in a similar suit against Google where users challenged the scanning of their e-mail messages. That case settled soon after the court’s denial of class certification. While Yahoo might also like to settle the class action, an agreement could be more expensive with class members estimated in the hundreds of thousands.