16-3194-cv
Mount v. PulsePoint, Inc.
UNITED STATES COURT OF APPEALS
FOR THE SECOND CIRCUIT
SUMMARY ORDER
RULINGS BY SUMMARY ORDER DO NOT HAVE PRECEDENTIAL EFFECT. CITATION TO A
SUMMARY ORDER FILED ON OR AFTER JANUARY 1, 2007, IS PERMITTED AND IS GOVERNED
BY FEDERAL RULE OF APPELLATE PROCEDURE 32.1 AND THIS COURT’S LOCAL RULE 32.1.1.
WHEN CITING A SUMMARY ORDER IN A DOCUMENT FILED WITH THIS COURT, A PARTY
MUST CITE EITHER THE FEDERAL APPENDIX OR AN ELECTRONIC DATABASE (WITH THE
NOTATION “SUMMARY ORDER”). A PARTY CITING A SUMMARY ORDER MUST SERVE A
COPY OF IT ON ANY PARTY NOT REPRESENTED BY COUNSEL.
At a stated term of the United States Court of Appeals for the Second Circuit, held
at the Thurgood Marshall United States Courthouse, 40 Foley Square, in the City of New
York, on the 27th day of March, two thousand seventeen.
PRESENT: REENA RAGGI,
DEBRA ANN LIVINGSTON,
SUSAN L. CARNEY,
Circuit Judges.
----------------------------------------------------------------------
BRIAN MOUNT, THOMAS NAIMAN, individually and
on behalf of other similarly situated persons,
Plaintiffs-Appellants,
v. No. 16-3194-cv
PULSEPOINT, INC.,
Defendant-Appellee.
----------------------------------------------------------------------
APPEARING FOR APPELLANTS: SAMUEL ISSACHAROFF, New York, New
York, (David A. Straite, Frederic S. Fox,
Laurence D. King, Kaplan Fox & Kilsheimer
LLP, New York, New York, San Francisco,
California, on the brief), Kaplan Fox &
Kilsheimer LLP, New York, New York.
1
APPEARING FOR APPELLEE: MICHELLE A. KISLOFF, (Adam A. Cooke,
Lisa Fried, Amy Folsom Kett, Hogan Lovells
US LLP, Washington, D.C., New York, New
York, McLean, Virginia, on the brief), Hogan
Lovells US LLP, Washington, D.C.
Appeal from a judgment of the United States District Court for the Southern
District of New York (Naomi Reice Buchwald, Judge).
UPON DUE CONSIDERATION, IT IS HEREBY ORDERED, ADJUDGED,
AND DECREED that the August 17, 2016 judgment of the district court is AFFIRMED.
Plaintiffs Brian Mount and Thomas Naiman appeal the Fed. R. Civ. P. 12(b)(6)
dismissal of their state-law claims of deceptive business practices, see N.Y. Gen. Bus.
Law § 349 (“§ 349”), and unjust enrichment, both of which stem from defendant
PulsePoint, Inc.’s alleged circumvention of web-browser privacy features and its
placement of tracking cookies on plaintiffs’ computers in order to gather information
about their internet use. PulsePoint defends the dismissal and further reiterates its
challenge to plaintiffs’ Article III standing, which the district court had rejected. See
Fed. R. Civ. P. 12(b)(1). We review de novo both plaintiffs’ standing and the dismissal
of their complaint pursuant to Fed. R. Civ. P. 12(b)(6). See Allco Fin. Ltd. v. Klee, 805
F.3d 89, 93 (2d Cir. 2015). As to the latter, the pleadings, viewed most favorably to
plaintiffs, must state “enough facts to state a claim to relief that is plausible on its face.”
Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007). Conclusory allegations of law do
not suffice. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). In applying these
standards here, we assume the parties’ familiarity with the facts and record of prior
proceedings, which we reference only as necessary to explain our decision to affirm for
2
substantially the reasons stated by the district court in its thorough and well-reasoned
decision. See Mount v. PulsePoint, Inc., No. 13 CIV. 6592 (NRB), 2016 WL 5080131
(S.D.N.Y. Aug. 17, 2016).
1. Standing
PulsePoint contends that plaintiffs fail to demonstrate the injury in fact necessary
for Article III standing. See, e.g., Strubel v. Comenity Bank, 842 F.3d 181, 188–89 (2d
Cir. 2016). To demonstrate injury in fact, a plaintiff must show the “invasion of a
legally protected interest” that is “concrete and particularized” and “actual or imminent,
not conjectural or hypothetical.” Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992);
accord Strubel v. Comenity Bank, 842 F.3d at 188. A plaintiff may carry this burden by
alleging harm having “a close relationship to a harm that has traditionally been regarded
as providing a basis for a lawsuit in English or American courts.” Spokeo, Inc. v.
Robins, 136 S. Ct. 1540, 1549 (2016).
The district court determined that plaintiffs adequately alleged two injuries in fact:
loss of privacy and effect upon web-browser functionality. We agree as to loss of
privacy and, therefore, need not address the latter. As the district court observed,
PulsePoint’s alleged unauthorized accessing and monitoring of plaintiffs’ web-browsing
activity implicates harms similar to those associated with the common law tort of
intrusion upon seclusion so as to satisfy the requirement of concreteness. See Mount v.
PulsePoint, Inc., 2016 WL 5080131, at *4 (citing In re Nickelodeon Consumer Privacy
Litig., 827 F.3d 262, 294 (3d Cir. 2016); In re Google Inc. Cookie Placement Consumer
Privacy Litig., 806 F.3d 125, 149–51 (3d Cir. 2015)).
3
PulsePoint argues that Nickelodeon and Google are distinguishable because those
cases involved the collection of information identifiable or associable with individual
users, something not alleged here. The cases themselves, however, do not signal that
individual identification is required for standing purposes, nor does the common law tort
of intrusion upon seclusion. See Restatement (Second) of Torts § 652B (1977)
(observing that intrusion upon seclusion may be committed by “use of the defendant’s
senses, with or without mechanical aids, to oversee or overhear the plaintiff’s private
affairs”). Remijas v. Neiman Marcus Group, LLC, 794 F.3d 688 (7th Cir. 2015), also
does not assist defendants. The court found that the plaintiffs in that case did have
standing to sue, and it only “refrain[ed] from supporting standing on plaintiffs’ allegation
that they had suffered ‘a concrete injury in the loss of their private information’ because
they had no property right in that information.” Id. at 695. Further, the Remijas
plaintiffs did not allege an invasion of privacy akin to the common law tort at issue here.
Accordingly, like the district court, we reject PulsePoint’s standing challenge.
2. Failure To State Claim
a. New York General Business Law § 349
1. Legal Standard
To state a § 349 claim, plaintiff must allege that defendant has engaged in
(1) consumer-oriented conduct, (2) that is materially misleading, and (3) that caused
plaintiff injury. See Koch v. Acker, Merrall & Condit Co., 18 N.Y.3d 940, 941, 944
N.Y.S.2d 452, 452 (2012). The third requirement, the only one here in dispute,
demands actual injury, though not necessarily pecuniary harm. See Stutman v. Chem.
4
Bank, 95 N.Y.2d 24, 29, 709 N.Y.S.2d 892, 896 (2000). Plaintiffs’ satisfaction of the
injury requirement for standing does not necessarily satisfy the injury requirement of
§ 349. See In re Methyl Tertiary Butyl Ether (“MTBE”) Prods. Liab. Litig., 725 F.3d
65, 105, 107 (2d Cir. 2013) (recognizing constitutional standing may not per se establish
injury under New York state law).
2. Privacy Loss Injury
Plaintiffs argue that the alleged invasion of their privacy constitutes injury
cognizable by § 349. No New York court, however, has ever construed § 349 to reach
the privacy invasion alleged here, i.e., collection of internet users’ aggregated,
anonymized web-browsing data. Rather, § 349 injury has been recognized only where
confidential, individually identifiable information—such as medical records or a Social
Security number—is collected without the individual’s knowledge or consent. See
Mount v. PulsePoint, Inc., 2016 WL 5080131, at *11–12 (citing Meyerson v. Prime
Realty Servs., LLC, 7 Misc. 3d 911, 912, 796 N.Y.S.2d 848, 850 (Sup. Ct. N.Y. Cty.
2005); Anonymous v. CVS Corp., 188 Misc. 2d 616, 618, 728 N.Y.S.2d 333, 335 (Sup.
Ct. N.Y. Cty. 2001)). Plaintiffs’ argument urging a more expansive interpretation of
these precedents is not persuasive largely for the reasons stated by the district court. See
id. at *12 (“[B]oth decisions treated the information at issue as presumptively
confidential . . . [and] [p]laintiffs supply no basis for us to assume that New York courts
would consider the information allegedly collected here to possess a similar status.”).
Absent any allegations that the data collected would or could be associated with
individual users (or some other alleged factual basis for a cognizable privacy injury),
5
there is no basis in New York law to recognize a cognizable injury under § 349.
Insofar as plaintiffs urge us to take judicial notice of five documents pertaining to
§ 349’s legislative history, those documents warrant no different result. They speak
only to the expected efficacy of consumer enforcement of § 349. Similarly, the notices
of assurances by attorneys general serve to establish only that New York’s Attorney
General relied therein upon authority conferred by § 349, which, as to the Attorney
General, does not require a demonstration of injury at all. See N.Y. Gen. Bus. Law
§ 349(b).
Accordingly, plaintiffs cannot rely on a privacy injury not cognizable by § 349 to
state a claim under that statute.
3. Other Injuries
Plaintiffs urge two other bases for identifying § 349 injury: degradation in the
value of their computers and misappropriation of their personal information. Neither
persuades. Plaintiffs conceded below that they alleged no performance issues or other
tangible harm to their devices, and their argument on appeal—that the disabling of a
cookie-blocker and installation of cookies on their computers was “unauthorized access,”
which they contend is itself a § 349 injury—has no support in case law and is, moreover,
belied by plaintiffs’ apparent concession that such access is insufficient to constitute
trespass to chattel. Insofar as plaintiffs’ “unauthorized access” argument attempts to
circumvent the district court’s conclusion that no trespass-to-chattel injury is alleged, see
Mount v. PulsePoint, Inc., 2016 WL 5080131, at *9–10, plaintiffs cite no authority
suggesting that de minimis access to their computers qualifies as “injury” under § 349,
6
which, as we have already noted, has never been construed to reach such harms.
Plaintiffs’ “misappropriation” theory of injury rests on their professed loss of the ability
to monetize the anonymous web browsing information allegedly collected by
PulsePoint.1 This theory fails because plaintiffs do not allege that PulsePoint’s data
collection practices actually deprived them of any opportunity to sell their own
personalized information. See id. at *6.
Accordingly, because plaintiffs failed to plead injury cognizable under § 349, that
statutory claim was correctly dismissed.
b. Unjust Enrichment
To state a claim for unjust enrichment under New York law, a plaintiff must plead
facts showing “that (1) defendant was enriched, (2) at plaintiff’s expense, and (3) equity
and good conscience militate against permitting defendant to retain what plaintiff is
seeking to recover.” Diesel Props S.r.l. v. Greystone Bus. Credit II LLC, 631 F.3d 42,
55 (2d Cir. 2011) (internal quotation marks omitted); see also Mandarin Trading Ltd. v.
Wildenstein, 16 N.Y.3d 173, 183, 919 N.Y.S.2d 465, 472 (2011) (stating that conclusory
allegations are insufficient). The district court observed that, even assuming
PulsePoint’s enrichment, plaintiffs cannot show enrichment at their expense because they
failed to allege specific loss or deprivation of opportunity to profit from their
personalized information. See Mount v. PulsePoint, Inc., 2016 WL 5080131, at *13.
No different conclusion obtains here merely because plaintiffs characterize the relief
1
To the extent that plaintiffs now argue that they were deprived of the benefit of their
web browser’s cookie-blocking feature, the complaint contains no allegations which
suggest plaintiffs were aware of this feature, or otherwise derived value from it.
7
sought as equitable restitution, see Mandarin Trading Ltd. v. Wildenstein, 16 N.Y.3d at
183, 919 N.Y.S.2d at 472 (requiring in all cases that plaintiffs plead enrichment at their
expense), or merely because they assert that the data allegedly collected belonged to
them, see Edelman v. Starwood Capital Grp., LLC, 70 A.D.3d 246, 250, 892 N.Y.S.2d
37, 41 (1st Dep’t 2009) (rejecting unjust-enrichment claim where proprietary information
was wrongfully obtained from plaintiff, but defendants’ use “did not come at plaintiffs’
expense, and plaintiffs did not suffer any loss in connection with that use”).
Accordingly, because plaintiffs failed to plead common law unjust enrichment,
that claim was properly dismissed.
3. Conclusion
We have considered the parties’ remaining arguments and conclude that they are
without merit. Accordingly, the August 17, 2016 judgment of the district court is
AFFIRMED.
FOR THE COURT:
CATHERINE O’HAGAN WOLFE, Clerk of Court
8