CIPA Litigation and the “Technological Capability” to Violate California’s Privacy Laws
In Ambriz v. Google, LLC, a court in the Northern District of California refused to grant Google’s motion to dismiss the plaintiffs’ claims under Section 631(a) of the California Invasion of Privacy Act (CIPA) for (i) “intentional wiretapping,” and (ii) “willfully attempting to learn the contents or meaning of a communication in transit.” The lawsuit challenges Google’s AI-powered product, Google Cloud Contact Center AI (“GCCCAI”), which is used to support the customer service centers of other businesses by providing a virtual agent with whom callers can interact.
The plaintiffs alleged that they placed customer service calls to businesses that use the GCCCAI service – specifically, Verizon, Hulu, GoDaddy, and Home Depot – and spoke with a “virtual agent” and human representative but did not know that Google would be listening in on and transcribing the call. Nor did the plaintiffs consent to Google’s alleged eavesdropping. Google moved to dismiss the CIPA claims on the ground, among others, that it simply provides a software tool to its business clients and was not “an unauthorized third-party listener to the communications between the named Plaintiffs and the customer service centers they called.”
In denying Google’s motion to dismiss, the court began its analysis by explaining the split that has emerged in cases interpreting CIPA 631(a): Some courts require a plaintiff to allege that the software vendor actually used the data it obtained for its own, independent purposes (the so-called “extension test”), while other courts only require a plaintiff to allege that the software vendor has the capability to use the data for its own purposes, as set forth in Javier v. Assurance IQ, LLC (the so-called “capability test”). The court then applied the “capability test,” reasoning that (i) it would be improper to impute a use requirement to all of section 631(a) given that, as the Javier court noted, “there is already a use requirement in one of section 631(a)’s discrete clauses (‘us[ing], or attempt[ing] to use, in any manner, or for any purpose, or to communicate in any way, any information so obtained’),” and (ii) the California Supreme Court had never before considered the third-party listener’s intentions or their use for the information obtained. Based on Google’s terms of service, which allow Google to “use data collected on customer service calls for its own purposes if its business clients grant it permission to do so,” the court found “a plausible inference that Google has the technological capability to use the data it collects and analyzes, regardless of whether it actually makes use of that data.” The mere fact, therefore, that Google had the technological capability to use such data was the determining factor. Because Ambriz alleged that he called Verizon customer service several times and spoke with both a GCCCAI virtual agent and human agent, his case could proceed to discovery.
Ambriz adds to the growing list of California courts’ decisions that have continued to allow CIPA litigation where there is seemingly “no injury.”