{"id":1713,"date":"2024-08-29T08:56:43","date_gmt":"2024-08-29T12:56:43","guid":{"rendered":"https:\/\/blogs.duanemorris.com\/classactiondefense\/?p=1713"},"modified":"2024-08-29T09:05:03","modified_gmt":"2024-08-29T13:05:03","slug":"georgia-federal-court-dismisses-data-privacy-class-action-against-healthcare-company-for-failure-to-sufficiently-allege-any-invasion-of-privacy-damages-or-wiretap-violation","status":"publish","type":"post","link":"https:\/\/blogs.duanemorris.com\/classactiondefense\/2024\/08\/29\/georgia-federal-court-dismisses-data-privacy-class-action-against-healthcare-company-for-failure-to-sufficiently-allege-any-invasion-of-privacy-damages-or-wiretap-violation\/","title":{"rendered":"Georgia Federal Court Dismisses Data Privacy Class Action Against Healthcare Company For Failure To Sufficiently Allege Any Invasion Of Privacy, Damages, Or Wiretap Violation"},"content":{"rendered":"

\"\"<\/a>By Gerald L. Maatman, Jr., Justin Donoho, and Ryan T. Garippo<\/strong><\/p>\n

Duane Morris Takeaways:<\/strong>\u00a0 On August, 2024, in T.D. v. Piedmont Healthcare, Inc., No. 23-CV-5416 (N.D. Ga. Aug. 24, 2024), Judge Thomas Thrash of the U.S. District Court for the Northern District of Georgia dismissed in its entirety<\/a> a class action complaint alleging that a healthcare company\u2019s use of website advertising technology installed in its MyChart patient portal disclosed the plaintiffs\u2019 private information in commission of the common law torts of invasion of privacy, breach of fiduciary duty, negligence, breach of contract, and unjust enrichment, and in violation of the Federal Wiretap Act.\u00a0 The ruling is significant because it shows that such claims cannot surmount Rule 12(b)(6)\u2019s plausibility standard for legal reasons broadly applicable to a wide range of adtech class actions currently on file in many jurisdictions across the nation.<\/em><\/p>\n

Background<\/strong><\/p>\n

This case is one of the hundreds of class actions that plaintiffs have filed nationwide alleging that Meta Pixel, Google Analytics, and other similar software embedded in defendants\u2019 websites secretly captured plaintiffs\u2019 web browsing data and sent it to Meta, Google, and other online advertising agencies.\u00a0 As the Court explained, \u201ccases like this have sprouted like weeds in recent years.\u201d\u00a0 Id<\/em>. at 5.<\/p>\n

In\u00a0Piedmont<\/em>, Plaintiffs brought suit against Piedmont Healthcare, Inc. (\u201cPiedmont\u201d).\u00a0 According to Plaintiffs, Piedmont installed the Meta Pixel on its public-facing website and its secure patient portal,\u00a0and thereby transmitted to Meta Plaintiffs\u2019 \u201cpersonally identifiable information (PII) and protected health information (PHI) without their consent.\u201d Id.\u00a0<\/em>at 1-2.<\/p>\n

Based on these allegations, Plaintiffs alleged claims for invasion of privacy, breach of fiduciary duty, negligence, breach of contract, unjust enrichment, and violation of the Electronic Communications Privacy Act (\u201cECPA\u201d).\u00a0 Piedmont moved to dismiss under Rule 12(b)(6) for failure to state sufficient facts that, if accepted as true, would state a claim for relief that is plausible on its face.<\/p>\n

The Court\u2019s Opinion<\/strong><\/p>\n

The Court agreed with Piedmont and dismissed all of Plaintiffs\u2019 claims.<\/p>\n

To state a claim for invasion of privacy, Plaintiffs were required to allege facts sufficient to show \u201can unreasonable and highly offensive intrusion upon another\u2019s seclusion.\u201d\u00a0 Id. <\/em>at 5.\u00a0 Plaintiffs argued that Piedmont intruded upon their privacy by using the Meta Pixel to secretly transmit their PII and PHI to a third party for commercial gain. \u00a0Id. <\/em>at 4.\u00a0 Piedmont argued that these allegations failed to plausibly plead an intrusion or actionable intent, or that any intrusion was reasonably offensive or objectionable.\u00a0 Id.<\/em>\u00a0 The Court concluded that \u201cit seems that the weight of authority in similar pixel tracking cases is now solidly in favor of Piedmont\u2019s argument. There is no intrusion upon privacy when a patient voluntarily provides personally identifiable information and protected health information to his or her healthcare provider.\u201d\u00a0 Id. <\/em>at 5-6 (collecting cases).\u00a0 The Court further commented that \u201cit is widely understood that when browsing websites, your behavior may be tracked, studied, shared, and monetized. So it may not come as much of a surprise when you see an online advertisement for fertilizer shortly after searching for information about keeping your lawn green.\u201d\u00a0 Id. <\/em>at 3-4.<\/p>\n

To state claims for breach of fiduciary duty, negligence, breach of contract, and unjust enrichment, one of the elements a plaintiff much allege is damages or, relatedly, enrichment.\u00a0 Id. <\/em>at 7-10.\u00a0 Plaintiffs argued that they alleged seven categories of damages, as follows: \u201c(i) invasion of privacy, including increased spam and targeted advertising they did not ask for; (ii) loss of confidentiality; (iii) embarrassment, emotional distress, humiliation and loss of enjoyment of life; (iv) lost time and opportunity costs associated with attempting to mitigate the consequences of the disclosure of their Private Information; (v) loss of benefit of the bargain; (vi) diminution of value of Private Information and (vii) the continued and ongoing risk to their Private Information.\u201d\u00a0 Id. <\/em>at 9.\u00a0 Piedmont argued that these damages theories stemming from \u201cthe provision of encrypted information only to Facebook\u201d were implausible.\u00a0 Id. <\/em>at 7.\u00a0 The Court agreed with Piedmont, rejected all of Plaintiffs\u2019 damages theories.\u00a0 Accordingly, it dismissed the remainder of Plaintiffs\u2019 common-law claims.\u00a0 As the Court explained: \u201cNo facts are alleged that would explain how receiving targeted advertisements from Facebook and Piedmont would plausibly cause any of the Plaintiffs to suffer these damages. This is not a case where the Plaintiffs\u2019 personal information was stolen by criminal hackers with malicious intent. The Plaintiffs received targeted advertisements because they are Facebook users and have Facebook IDs. The Court finds the Plaintiffs\u2019 damages theories untenable. Indeed, this court has rejected many identical theories arising under similar circumstances.\u201d\u00a0 Id.<\/em> (collecting cases)<\/p>\n

To state a claim for violation of the ECPA, also known as the federal wiretap act, a plaintiff must show an intentional interception of the contents of an electronic communication.\u00a0\u00a0Id. <\/em>at 11<\/em>.\u00a0 The ECPA is a one-party consent statute, meaning that there is no liability under the statute for any party to the communication \u201cunless such communication is intercepted for the purposes of committing a criminal or tortious act in violation of the Constitution or laws of the United States or any State.\u201d \u00a018 U.S.C. \u00a7 2511(2)(d)); 18 U.S.C. \u00a7 2511(2)(d).\u00a0 Piedmont argued that it could not have intercepted the same transmission it received on its website, nor could it have acted with a tortious or criminal purpose in seeking to drive marketing and revenue.\u00a0 Id. <\/em>at 10-11.\u00a0 In response, the Plaintiffs contended that they stated a plausible ECPA claim, arguing that Piedmont intercepted the contents of their PII and PHI when it acquired such information through the Meta Pixel on its website and that the party exception is inapplicable because Piedmont acted with criminal and tortious intent in \u201cwiretapping\u201d their PII and PHI.\u00a0 Id. <\/em>at 11.\u00a0 The Court concisely concluded: \u201cAs was the case in the invasion of privacy context, the weight of persuasive authority in similar pixel tracking cases supports Piedmont\u2019s position.\u201d\u00a0 Id. <\/em>at 11-12 (collecting cases).<\/p>\n

Implications For Companies<\/strong><\/p>\n

The holding of\u00a0Piedmont<\/em> is a win for adtech class action defendants and should be instructive for courts around the country.\u00a0 While many adtech cases around the country have made it past a motion to dismiss, many have not, and, for many which continue to be filed regularly, it remains to be seen, Piedmont <\/em>provides powerful precedent for any company defending against adtech class action claims for invasion of privacy, common-law claims for damages or unjust enrichment, and alleged violation of the federal wiretap act.<\/p>\n","protected":false},"excerpt":{"rendered":"

By Gerald L. Maatman, Jr., Justin Donoho, and Ryan T. Garippo Duane Morris Takeaways:\u00a0 On August, 2024, in T.D. v. Piedmont Healthcare, Inc., No. 23-CV-5416 (N.D. Ga. Aug. 24, 2024), Judge Thomas Thrash of the U.S. District Court for the Northern District of Georgia dismissed in its entirety a class action complaint alleging that a … <\/p>\n

Continue reading “Georgia Federal Court Dismisses Data Privacy Class Action Against Healthcare Company For Failure To Sufficiently Allege Any Invasion Of Privacy, Damages, Or Wiretap Violation”<\/span><\/a><\/p>\n","protected":false},"author":583,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[59],"tags":[],"ppma_author":[30],"class_list":["post-1713","post","type-post","status-publish","format-standard","hentry","category-privacy-class-actions"],"authors":[{"term_id":30,"user_id":583,"is_guest":0,"slug":"classactiondefense","display_name":"Class Action Defense","avatar_url":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-content\/uploads\/sites\/56\/2020\/10\/dmlogo.jpg","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts\/1713","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/users\/583"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/comments?post=1713"}],"version-history":[{"count":0,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/posts\/1713\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/media?parent=1713"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/categories?post=1713"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/tags?post=1713"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blogs.duanemorris.com\/classactiondefense\/wp-json\/wp\/v2\/ppma_author?post=1713"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}