Publications & Presentations
June 4, 2015
In a first-of-its-kind ruling, Judge Lucy Koh of the Northern District of California recently granted class certification for the California-only subclass alleging data privacy violations in connection with Yahoo Inc.’s data mining of nonsubscribers’ emails. In re Yahoo Mail Litigation, Case No. 13-CV-04980-LHK, Dkt. No. 60 (N.D. Cal. May 26, 2015). Plaintiffs sought to certify both a nationwide class and California-only subclass of non-Yahoo email subscribers alleging that Yahoo scanned, stored and used the content of the emails that they exchanged with Yahoo email subscribers, without plaintiffs’ consent. The plaintiffs alleged that Yahoo’s practice violated: (1) the Stored Communications Act (18 U.S.C. §§ 2702(a)(1)), which prohibits divulging the contents of communication without consent), and (2) California’s Invasion of Privacy Act (Cal. Penal Code § 631), which requires all parties’ consent before recording or reading any type of communication.

The decision is noteworthy both because it is one of the first cases in which a class has been certified in a data privacy lawsuit, and because it reveals class action counsel’s strategy of trying to avoid the rigorous and often fatal hurdles of proving the ascertainability and predominance requirements to obtain class certification when seeking monetary damages. Superficially, at least, it also appears to be a departure from Judge Koh’s decision last year, denying the motion to certify a class related to the identical scanning and storing practice by Google Gmail. In re Google Inc. Gmail Litig., 2014 U.S. Dist. LEXIS 36957 (N.D. Cal. Mar. 18, 2014). In reality, the fault line is between the type of class that a plaintiff seeks to certify. 

Law360 paid subscribers can view the full article here.