On May 28, 2015, U.S. District Judge Lucy Koh in the Northern District of California certified a class of email users in a privacy action that claims Yahoo Inc. (“Yahoo”) violated the federal Stored Communications Act (“SCA”) and California’s Invasion of Privacy Act (“CIPA”) through its practice of scanning and analyzing emails of non-Yahoo Mail subscribers in order to display targeted ads to Yahoo Mail subscribers. In re Yahoo Mail Litigation, No. 13-CV-04980-LHK, (N.D. Cal. 2015). Plaintiffs are non-Yahoo Mail subscribers who sent emails to Yahoo Mail subscribers from non-Yahoo email accounts and allege that Yahoo routinely copies and extracts key words from emails and stores this information for later use. Plaintiffs allege that Yahoo’s practices violate § 2702(a)(1) of the SCA, which prohibits, among other items, divulging the contents of a communication without consent and § 631 of CIPA, which prohibits the recording or reading of any type of communication without the prior consent of all parties.
In light of the court’s prior decision in In re Google Inc. Gmail Litigation, No. 13-MD-2430-LHK (N.D. Cal. Mar. 18, 2014) which dealt with a very similar set of facts, the plaintiffs seek injunctive relief under Federal Rule of Civil Procedure 23(b)(2) instead of seeking class-wide damages under Rule 23(b)(3), which among other things, requires a showing of the predominance of common questions of law and fact and ascertainability of the members of the class. The injunctive relief sought would require Yahoo to cease scanning the emails of non-Yahoo Mail subscribers without consent, permanently delete all data Yahoo has collected and stored from non-Yahoo Mail subscribers without consent, and identify all individuals and entities with which Yahoo has shared or sold information or data collected from non-Yahoo Mail subscribers’ emails.
In finding that the plaintiffs satisfy all four requirements under Rule 23(a), the court stated that the numerosity requirement under Rule 23(a)(1) is satisfied because the estimation of potentially hundreds of thousands of class members is not disputed by plaintiffs and Yahoo. The court stated that Rule 23(a)(2)’s commonality element requires just a single common question and does not require that all issues be common. The court also identified common questions to the case, such as when and whether Yahoo intercepts emails and whether the contents are disclosed to third parties. With regard to typicality, the court held that Rule 23(a)(3) requires only that the plaintiffs’ claims are “reasonably co-extensive,” not “substantially identical” with the proposed class members’ claims. Plaintiffs and the proposed class members are subject to the same interception and scanning practices by Yahoo and the court held this was sufficient to satisfy the typicality requirement. The court also found the plaintiffs to be adequate class representatives pursuant to Rule 23(a)(4), and the plaintiffs’ strategic decision to only pursue certification of an injunctive relief class under Rule 23(b)(2) did not affect the plaintiffs’ adequacy to serve as class representatives. Here, the court also pointed out that certification of a Rule 23(b)(2) class does not preclude subsequent individual damages claims by class members.