Skip to main content

Alleged Wiretap Act and CIPA Violations Held to Satisfy Spokeo Test for Standing in Latest Gmail Privacy Class Action

In the wake of the Supreme Court’s decision in Spokeo, Inc. v. Robins, 136 S. Ct. 1540 (2016), lower courts have begun to address whether alleged violations of statutes intended to protect privacy suffice, in the absence of any further alleged injury, to establish Article III standing.  In Matera v. Google Inc. No. 15-cv-04062-LHK (Sept. 23 2015) Judge Lucy Koh of the Northern District of California ruled that a complaint alleging violations of the federal Wiretap Act, 18 U.S.C. § 2511(a)(1), and the California Invasion of Privacy Act (“CIPA”), Cal. Penal Code § 631, without more, pleads sufficient injury to satisfy the requirements for Article III standing as set forth in Spokeo.  In so ruling, the court concluded that Spokeo did not overrule prior authority finding Article III standing to sue for Wiretap Act and CIPA violations.

Matera is the latest lawsuit against Google challenging its practice of screening email sent using its various services (including Gmail and the commercial Google Apps suite offered to businesses and educational institutions).   The cases have alleged that Google’s practice of screening email for the purpose of targeting advertisements and search results to email users violated various state and federal privacy statutes.  Claims brought by Gmail and Google Apps subscribers fizzled when the court denied class certification due to the predominance of individualized issues concerning users’ consent to the email screening.  See In re Google Inc. Gmail Litig., No. 13-MD-02430-LHK (Mar. 18, 2014).  The plaintiffs in Matera, who are not Gmail or Google Apps subscribers, allege that Google screened email that plaintiffs sent to Gmail and Google Apps subscribers without the plaintiffs’ consent, thereby violating the Wiretap Act and CIPA.  Plaintiffs did not allege that they had sustained any independent injury as a result of Google’s email screening practices.

Google moved to dismiss for lack of standing.   Google argued that, in light of the principles established in Spokeo, plaintiffs’ bare allegations of statutory violations were insufficient to establish Article III standing.  Judge Koh, however, read Spokeo to recognize that a statutory violation, standing alone, could give rise to standing where one of two factors is present.  The first is whether the statute provides redress for a right recognized at common law.  The second is whether the statute confers substantive rather than procedural rights.  She found both factors to be present in Matera.

First, the purpose of both the Wiretap Act and CIPA was to prevent invasions of privacy, a right long recognized at common law.  Intercepting communications in violation of the Wiretap Act results in an invasion of privacy.  Likewise, CIPA forbids acts defined to constitute invasions of privacy.  Under the common law, the very invasion of that privacy interest results in a cognizable injury that is sufficient to satisfy Article III, whether or not the defendant makes any further use of the intercepted information.

Next, the court found that the Wiretap Act and CIPA established substantive rights to be free from interception of electronic communications.  In contrast to statutes that purport to impose penalties for failure to adhere to procedural requirements, the court found that both statutes protect the right to be free from unwanted invasion of privacy.  By violating that substantive right, a defendant causes an injury that gives rise to Article III standing.

In denying Google’s motion to dismiss, Judge Koh adhered to a long line of pre-Spokeo authority – including her own decision in the earlier Google email case, see In re Google Inc. Gmail Litig., 13-MD-02430-LHK (Sept. 26, 2013)  – finding that plaintiffs have standing to bring statutory privacy claims without alleging independent injury.  The decision in Matera may signal that Spokeo will not result in any significant change in the application of Article III standing doctrine in privacy cases.

Subscribe To Viewpoints


Kevin M. McGinty

Member / Co-chair, Class Action Practice

Kevin is a member of the firm's Health Care Enforcement Defense Group and has significant experience representing health care–related entities in a variety of litigation matters, including contract, regulatory, False Claims Act and class action lawsuits. Kevin's health care industry clients have included pharmacies, PBMs, hospitals, clinical laboratories, diagnostic imaging providers, pharmaceutical companies and managed care organizations.