Duane Morris Takeaways: On September 1, 2023, Judge Deborah Chasanow of the U.S. District Court for the District of Maryland granted a motion to dismiss a class action alleging that the website of defendant Jetblue Airways violated users’ privacy rights under the Maryland Website and Electronic Surveillance Act (“MWES”A). Finding that the named Plaintiff lacked Article III standing to bring the lawsuit, the Court relied upon the lack of any allegations in the Complaint that any of Plaintiff’s personal information was captured by the alleged use of a session replay code. As a result, his Complaint lacked any allegation of a concrete harm that is necessary to bestow standing by virtue of suffering an injury-in-fact. Employers are well-served to examine their websites for the level of risk they might pose of exposure to litigation of this kind, which is currently being filed in more and more courts around the country.
Jetblue Airways Corp. (“Jetblue”) was sued by Matthew Straubmuller in the U.S. District Court for the District of Maryland, alleging that he and a putative class of website users who had visited Jetblue’s website were entitled to damages from Jetblue for violation of the MWESA. Slip Op. at 2. The purpose of that statute is two-fold: both to be a useful tool in crime prevention; and to ensure that “interception of private communications is limited.” Id. at 8.
Plaintiff alleged Jetblue’s website uses a “session replay code” and that this allows for Jetblue to track users electronic communications with the website in real time, and also can enable reenactments of a user’s visit to the website, and that these constitute actionable privacy violations under the provisions of the MWESA.
JetBlue filed a motion to dismiss. It asserted that that Plaintiff lacked Article III standing to bring his claims. It contended that Plaintiff alleged a mere procedural violation of the MWESA and did not allege a concrete harm necessary to establish an injury-in-fact to confer standing.
The District Court’s Decision
Judge Chasnow granted Jetblue’s motion to dismiss. Relying on the Supreme Court’s decision in TransUnion v. Ramirez, 141 S. Ct. 2190 (2021), she rejected Plaintiff’s argument that a statutory violation alone is a concrete injury. The Judge opined that “Courts must independently decide whether a plaintiff has suffered a concrete harm because a plaintiff cannot automatically satisfy the injury-in-fact requirement whenever there is a statutory violation.” Slip Op. at 5-6 (quoting TransUnion (“under Article III, an injury in law is not an injury in fact.”). And more to the point, she cited case law interpreting the MWESA itself to this effect, which Plaintiff had not cited. Id.
As a way of underlining its ruling, the Court noted that Jetblue had submitted a June 12, 2023 decision coming to the exact same conclusion involving a nearly identical complaint filed against Jetblue in the Southern District of California in Lightoller v. Jetblue Airways Corp. Id. at 4.n.1. Other cases involving similar rulings are presently percolating throughout the federal district courts. Id. at 7 (collecting cases).
Implications For Employers
Judge Chasnow’s decision in Straubmuller v. Jetblue Airways Corp. provides corporate counsel with a good opportunity to set up a time to talk with their company’s information technology officers to discuss litigation risks related to websites and how they interact with employees, prospective employees and customers. As more plaintiffs-side attorneys file lawsuits alleging privacy violations like the ones alleged against Jetblue in both state and federal courts around the country, many have a good chance of surviving motions to dismiss. Preventing class action lawsuits are far superior to defending them.