Privacy Class Actions May Be Too Big to Settle
SAN FRANCISCO — Plaintiffs appear to be in the driver's seat in two big privacy class actions against Google. The suits over Gmail and Street View have survived motions to dismiss, and the Ninth Circuit has emphatically rejected Google's appeal in the Street View case.
This is a point where settlement discussions would typically intensify. But is it possible plaintiffs now have too much leverage?
With potential classes of many millions of people and statutory damages ranging as high as $10,000 per violation under the Wiretap Act, the parties could confront a scenario where the case is simply too expensive to strike a deal.
It's a problem U.S. District Judge Richard Seeborg in San Francisco described in the recent class action over Facebook's sponsored stories.
"The challenge, given the size of the class, is that even a modest per-class member payment could easily require a total settlement fund in the billions of dollars," Seeborg wrote in an Aug. 26 order in Fraley v. Facebook. "This raises the specter of whether some class actions are simply too big to settle."
Facebook sidestepped that issue when only 615,000 members of a potential class of 150 million filed claims for $15. Those payments were packaged with about $5 million in cy pres awards to Internet watchdog groups, and Seeborg reluctantly gave his approval.
But cy pres relief appears to be on increasingly shaky ground at the Ninth Circuit, and the U.S. Supreme Court is scheduled to announce on Tuesday whether it will examine the law of cy pres awards in a different Facebook privacy case.
Duane Morris partner Richard Seabolt said he expects the "too big to settle" phenomenon to grow more common as Internet companies add to their user bases. He faced such a threat recently when plaintiffs lawyers warned him that "any payment that might be acceptable to individual class members would — when multiplied by hundreds of millions of users — be far too large for the defendant," he said.
That made the motion to dismiss the case a Rubicon moment. "You either win the motion to dismiss or face the risk of certification of a massive class and possible trial," Seabolt said, "because after the motion to dismiss it will be very difficult to settle."
Fortunately for Seabolt, his motion to dismiss was granted.
DOING THE MATH
In re Google Street View Electronic Communications Litigation, 10-MD-2184, is a proposed class action on behalf of every person in the United States whose wireless internet communications — typically across home Wi-Fi networks — were intercepted by Google during its Street View mapping project. Google leaders have admitted the company "screwed up" by inadvertently collecting data, but argued to the Ninth Circuit there was no privacy violation because Wi-Fi signals are accessible to the general public.
The Ninth Circuit disagreed — so emphatically that Google has complained in a petition for rehearing that the court "effectively granted partial summary judgment to the plaintiffs." Absent further review by the Ninth Circuit or the U.S. Supreme Court, liability appears all but established.
Sorting out the class could be more challenging. Plaintiffs attorneys led by Lieff Cabraser Heimann & Bernstein allege the class numbers "tens of thousands and perhaps millions." But precisely determining their identities could require digging into the 600 gigabytes of data Google scooped up, leading to further privacy incursions.
"We don't know who those people are, and they probably don't know either," said Eric Goldman, a technology law expert at Santa Clara University. "We might be telling them 'you suffered damage.' They might say 'I had no idea.' That's not how the conversation's supposed to go."
Goldman suggests that enjoining Google from intercepting Wi-Fi and ordering it to flush the data, which Google says it has never used, would be a more practical solution.
Of course, that might not sit well with potential class members, who could be entitled under the Wiretap Act to $10,000 each in statutory damages. If the class were to number 100,000 people, that would create exposure of $1 billion.
The math could be even more daunting in In re Google Gmail Litigation, 13-MD-02430, which accuses Google of violating the privacy rights of every email user in the United States who sent a message to or from a Gmail account during the last two years. Those claims, too, are brought under the Wiretap Act as well as various state laws.
James Wagstaffe of Kerr & Wagstaffe, who represents one of the plaintiffs in the Gmail case, said it would be premature to talk about settling. But generally speaking, he said, it's a mistake to focus only on plaintiffs' demands.
"When you have a case like these in which there is a very large number of potential plaintiffs, defendants are making a lot of money at what they do," he said.
Wagstaffe once recovered a $65 million judgment over theft of the domain name sex.com. Critics might have said it was a large award for a single domain name, but sex.com generated an enormous amount of revenue, Wagstaffe said.
Brian Pascal, a fellow at the UC-Hastings Institute for Innovation Law, said "too big to settle" privacy class actions remind him of the recording industry's suits against college students over pirated music in the early 2000s. With thousands in statutory damages available per song for copyright infringement, the RIAA in some cases demanded tens of millions of dollars.
"I have a hard time believing a court would level a $50 billion penalty because of a single violation" against millions of users, Pascal said. Using injunctive relief to change companies' behavior, and cy pres awards to help educate citizens about their privacy rights, would likely be more effective, he suggested.
QUESTIONING THE ENTERPRISE
Judges don't have to award the full measure of statutory damages, of course, especially when a case is settled before trial. The problem for the Google cases — as illustrated by recent settlements of Facebook class actions — is that judges may be reluctant to declare a settlement "fair, reasonable and adequate" if class members are recovering less than a penny on the dollar of a potential claim.
"This was a factor I emphasized from the outset of my discussions with the parties," mediator Ed Infante wrote in a declaration in Fraley, the sponsored stories class action. "Assuming that the class of persons who actually appeared in sponsored stories is 100 million members … a damage award of only one dollar for each class member would cost $100 million."
And under California law, class members could have been entitled to $750 each in that case. "Multiplying that amount by the size of the class leads to an astronomically large minimum of $75 billion," wrote Infante, a former federal magistrate judge. "Facebook would likely have strong bases for appealing such an award on due process grounds."
Facebook and the sponsored story plaintiffs eventually resolved the problem by establishing a $20 million settlement fund and proposing to pay each class member $10, with unclaimed funds awarded to cy pres to groups like the Electronic Frontier Foundation, the UC-Berkeley Center for Internet and Society, and the MacArthur Foundation.
When only 615,000 class members filed claims, the individual payout was raised to $15, leaving about $5 million for cy pres awards and $3.5 million for attorneys fees. "The relatively low amount offered undoubtedly discouraged class members from filing claims," Seeborg wrote in approving the deal. "Absent availability of a cy pres component, it simply might not have been feasible to settle this action."
The MacArthur Foundation has since declined the contribution.
The cy pres solution is increasingly coming under attack. Earlier this year six Ninth Circuit judges dissented from approval of another Facebook settlement — this one involving the Beacon program that broadcast details of users' personal lives — because the $6 million payout was in the form of a cy pres award to a newly created privacy entity partly controlled by Facebook.
A proposed cy pres award in another privacy class action against Google — this one involving search terms — is causing controversy in the Northern District. The Electronic Privacy Information Center wrote to U.S. District Judge Edward Davila on Aug. 22, complaining that plaintiff attorneys in In re Google Referrer Header Privacy Litigation, 10-4809, are trying to steer millions in cy pres funds to Google's preferred charities and their own law school alma maters, while providing class members no benefit.
The Supreme Court is expected to announce Monday whether it will review the Beacon privacy class action and the law of cy pres. Objectors including Ted Frank of the Center for Class Action Fairness complain in that case that statutory damages as high as $2,500 were available to class members, but they recovered nothing.
Frank said in an interview that if companies like Facebook or Google wind up settling claims potentially worth thousands of dollars per class member for a few cents, then either the claims must be extremely weak or class counsel is selling out the class. "Why do we want to reward attorneys for bringing cases where the value of a $1,000 claim is a few pennies because the chances of winning are so remote?" he says.
Santa Clara's Goldman has a separate concern — that Google might respond to the Gmail litigation by exiting Gmail. "We've seen Google get out of other lines of business" like Google Reader, he says. "I'm kind of fearful that a few plaintiffs lawyers get paid off and the entire Internet ecosystem gets hurt."
From Goldman's point of view, the idea of "too big to settle" should be a wakeup call to consider the law of privacy class actions. "There are times we might conclude there's not an appropriate remedy," he said. "At which point, we might question the enterprise."