In re Jetblue Airways Corp. Privacy Litigation

• Decision Date: 29 July 2005
• Docket Number: No. 04-MD-1587 (CBA).,04-MD-1587 (CBA).
• Citation: 379 F.Supp.2d 299
• Parties: In re JETBLUE AIRWAYS CORP. PRIVACY LITIGATION.
• Court: U.S. District Court — Eastern District of New York

379 F.Supp.2d 299

In re JETBLUE AIRWAYS CORP. PRIVACY LITIGATION.

No. 04-MD-1587 (CBA).

United States District Court, E.D. New York.

July 29, 2005.

COPYRIGHT MATERIAL OMITTED

COPYRIGHT MATERIAL OMITTED

Michael M. Buchman, Milberg Weiss, LLP, Ira Michael Press, Kirby Mcinerney & Squire, Robert Ira Harwood, Wechsler Harwood LLP, Richard B. Brualdi, The

Brualdi Law Firm, Brian Phillip Murray, Murray, Frank & Sailer, LLP, Lee S. Shalov, Shalov Stone & Bonner LLP, David J. Bershad, Milberg, Weiss, Bershad, Hynes & Lerach, L.L.P., J. Douglas Richards, Milberg, Weiss, Bershad, Hynes & Lerach, LLP, New York City, David A. Rosenfeld, Geller Rudman, PLLC, Robert M. Rothman, Samuel H. Rudman, Cauley Geller Bowman & Rudman, LLP, Melville, NY, Paul J. Geller, Cauley Geller Bowman & Coates, LLP, Boca Raton, FL, Stuart A. Davidson, Cauley Geller Bowman & Rudman, LLP, Boca Raton, FL, Christi A. Cannon, Holzer Holzer & Cannon, LLC, Corey D. Holzer, Atlanta, GA, M. Wites, Wites & Kapetan, P.A., Deerfield Beach, FL, Karen Hanson Riebel, Lockridge Grindal Nauen P.L.L.P. Minneapolis, MN, for Plaintiffs.

Christopher G. Kelly, Joanna Lynn Geraghty, Holland & Knight LLP, New York City, for Jet Blue Airways Corporation.

Cheryl A. Heller, Ward Norris Heller & Reidy LLP, Michael D. Norris, Thomas S. D'Antonio, Jeremy Jay Best, Rochester, NY, Dominic M. Pisani, Lewis, Brisbois, Bisgaard & Smith, LLP, New York City, Erik D. Buzzard, Palumbo Bergstrom, LLP, Irvine, CA, David H. Kramer, Wilson, Sonsini, Goodrich & Rosati, David L. Lansky, Shelby K. Pasarell, Douglas J. Clark, Palo Alto, CA, for Defendants.

MEMORANDUM & ORDER

AMON, District Judge.

INTRODUCTION

A nationwide class of plaintiffs brings this action against JetBlue Airways Corporation ("JetBlue"), Torch Concepts, Inc. ("Torch"), Acxiom Corporation ("Acxiom"), and SRS Technologies ("SRS") for alleged violations of the Electronic Communications Privacy Act of 1986 ("ECPA"), 18 U.S.C. § 2701, et seq. (1986), and violations of state and common law. Plaintiffs claim that defendants violated their privacy rights by unlawfully transferring their personal information to Torch for use in a federally-funded study on military base security. Plaintiffs seek a minimum of $1,000 in damages per class member, or injunctive relief to the extent that damages are unavailable, as well as a declaratory judgment. Defendants have moved to dismiss the Amended Complaint pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure on the grounds that plaintiffs have failed to state a federal cause of action under the ECPA, that plaintiffs' state law claims are federally preempted, and that plaintiffs have failed to state any claim under state law.

PROCEDURAL HISTORY

This case is a multidistrict consolidated class action. Initially, a total of nine putative class actions were brought, eight in the Eastern District of New York and one in the Central District of California,¹ on behalf of persons allegedly injured by JetBlue's unauthorized disclosure of personally identifiable travel information. On February 24, 2004, the Judicial Panel on Multidistrict Litigation ordered, pursuant to 28 U.S.C. § 1407, that the action pending in the Central District of California be transferred to this Court for coordinated or consolidated pretrial proceedings with the actions already pending in this district. Since that time, five more cases have been joined in the action.² The consolidated class filed its Amended Complaint in this Court on May 7, 2004.

STATEMENT OF FACTS

Unless otherwise indicated, the following facts set forth in plaintiffs' Amended Complaint are presumed to be true for purposes of defendants' motions to dismiss. JetBlue has a practice of compiling and maintaining personal information, known in the airline industry as Passenger Name Records ("PNRs"), on each of its adult and minor passengers. Information contained in PNRs includes, for example, passenger names, addresses, phone numbers, and travel itineraries. (Am. Compl. ¶ 38; Pl.'s Mem. at 4-5.) The PNRs are maintained, or temporarily stored, on JetBlue's computer servers, and passengers are able to modify their stored information. (Am.Compl.¶ 39.) Acxiom, a world leader in customer and information management solutions, maintains personally-identifiable information on almost eighty percent of the U.S. population, including many JetBlue passengers, which it uses to assist companies such as JetBlue in customer and information management solutions. (Id. ¶ 22; Pl.'s Mem. at 4.)

The personal information that forms the basis of JetBlue's PNRs is obtained from its passengers over the telephone and through its Internet website during the selection and purchase of travel arrangements. In order to encourage the provision of personal information in this manner, JetBlue created a privacy policy which provided that the company would use computer IP addresses only to help diagnose server problems, cookies to save consumers' names, e-mail addresses to alleviate consumers from having to re-enter such data on future occasions, and optional passenger contact information to send the user updates and offers from JetBlue. (Am.Compl.¶ 36.) The JetBlue privacy policy specifically represented that any financial and personal information collected by JetBlue would not be shared with third parties and would be protected by secure servers. JetBlue also purported to have security measures in place to guard against the loss, misuse, or alteration of consumer information under its control. (Id. ¶ 37.)

In the wake of September 11, 2001, Torch, a data mining company similar to Acxiom, presented the Department of Defense ("DOD") with a data pattern analysis proposal geared toward improving the security of military installations in the United States and possibly abroad. Torch suggested that a rigorous analysis of personal characteristics of persons who sought access to military installations might be used to predict which individuals pose a risk to the security of those installations. (Id. ¶ 42.) DOD showed interest in Torch's proposal and added Torch as a subcontractor to an existing contract with SRS so that Torch could carry out a limited initial test of its proposed study. The SRS contract was amended to include airline PNRs as a possible data source in connection with Torch's study. (Id. ¶ 43.) Because Torch needed access to a large national-level database of personal information and because no federal agencies approached by Torch would grant access to their own governmental databases, Torch independently contacted a number of airlines in search of private databases that might contain adequate information to serve its requirements. (Id. ¶¶ 43-46.) These airlines declined to share their passengers' personal information unless the Department of Transportation ("DOT") and/or the Transportation Security Administration ("TSA") were involved and approved of such data sharing. (Id. ¶ 46.)

Unable to obtain the data through its own devices, Torch asked members of Congress to intervene on its behalf with the airlines or federal agencies. (Id. ¶ 47.) Torch also contacted the DOT directly. (Id. ¶ 48.) Following a series of meetings, the DOT and the TSA agreed to assist Torch in obtaining consent from a national airline to share its passenger information. (Id. ¶ 51.) On July 30, 2002, the TSA sent JetBlue a written request to supply its data to the DOD, and JetBlue agreed to cooperate. (Id. ¶¶ 53-54.) In September 2002, JetBlue and Acxiom collectively transferred approximately five million electronically-stored PNRs to Torch in connection with the SRS/DOD contract. (Id. ¶¶ 53, 55.) Then, in October 2002, Torch separately purchased additional data from Acxiom for use in connection with the SRS contract. This data was merged with the September 2002 data to create a single database of JetBlue passenger information including each passenger's name, address, gender, home ownership or rental status, economic status, social security number, occupation, and the number of adults and children in the passenger's family as well as the number of vehicles owned or leased. (Id. ¶ 56.) Using this data, Torch began its data analysis and created a customer profiling scheme designed to identify high-risk passengers among those traveling on JetBlue. (Id. ¶¶ 57-58.)

In or about September 2003, government disclosures and ensuing public investigations concerning the data transfer to Torch prompted JetBlue Chief Executive Officer David Neelman to acknowledge that the transfer had been a violation of JetBlue's privacy policy. (Id. ¶¶ 63, 65-66.) A class of plaintiffs whose personal information was among that transferred now brings this action against JetBlue, Torch, Acxiom, and SRS, seeking monetary damages, including punitive damages, and injunctive relief. (Id. ¶ 5.) Plaintiffs assert five causes of action against all defendants: (1) violation of the Electronic Communications Privacy Act of 1986 ("ECPA"), 18 U.S.C. § 2701, et seq., (2) violation of the New York General Business Law and other similar state consumer protection statutes, (3) trespass to property, (4) unjust enrichment, and (5) declaratory judgment.³ In addition, plaintiffs bring a sixth claim for breach of contract against JetBlue. All defendants have moved for dismissal pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. Defendants argue that plaintiffs have failed to state a claim under federal or state law and that the state law claims asserted are expressly preempted by the Airline Deregulation Act, 49 U.S.C. § 41713(b) (1997), or impliedly preempted by the federal government's pervasive occupation of the field of aviation security. The federal government filed a statement of interest arguing that no defendant violated the ECPA and urging dismissal of the federal claim.

DISCUSSION

I. Legal Standard for Rule 12(b)(6) Motion to Dismiss

In deciding a motion to dismiss pursuant to Rule 12(b)(6) of the Federal Rules...