Straubmuller v. Jetblue Airways Corp.

• Docket Number: Civil Action DKC 23-384
• Decision Date: 01 September 2023
• Parties: MATTHEW STRAUBMULLER, individually and on behalf of all others similarly situated, v. JETBLUE AIRWAYS CORP.
• Court: U.S. District Court — District of Maryland

1

MATTHEW STRAUBMULLER, individually and on behalf of all others similarly situated, v. JETBLUE AIRWAYS CORP.

Civil Action No. DKC 23-384

United States District Court, D. Maryland

September 1, 2023

MEMORANDUM OPINION

DEBORAH K. CHASANOW UNITED STATES DISTRICT JUDGE

Presently pending and ready for resolution is the motion to dismiss filed by Defendant Jetblue Airways Corporation. (ECF No. 11). The issues have been briefed, and the court now rules, no hearing being deemed necessary. Local Rule 105.6. For the following reasons, the motion to dismiss will be granted.

I. Background

The following facts are alleged in the Complaint. (ECF No. 1). Defendant is an airline offering domestic and international flights. (ECF No. 1 ¶ 38). Defendant operates the website www.jetblue.com. (ECF No. 1 ¶ 38). Defendant procures and embeds various Session Replay Codes from third-party Session Replay Providers on Defendant's website to track and analyze user interactions with the website. (ECF No. 1 ¶¶ 39-40).

Session Replay Code enables website operators to record, save, and replay website visitors' interactions with a given website, including “mouse movements, keystrokes (such as text being entered into an information field or text box), URLs or web pages visited, and/or other electronic communications in realtime.” (ECF No. 1 ¶¶ 1, 22). Website operators can then view a visual reenactment of the user's visit through the Session Replay Provider, typically in the form of a video. (ECF No. 1 ¶ 27).

Plaintiff Matthew Straubmuller visited Defendant's website, at which time his interactions with the website were captured by Session Replay Code and sent to various Session Replay Providers. (ECF No. 1 ¶¶ 44-47).

On February 10, 2023, Plaintiff filed a complaint, on behalf of himself and others similarly situated, against Defendant. In Count I, the Complaint alleges that Defendant violated the Maryland Wiretapping and Electronic Surveillance Act (“MWESA”), Md. Code Ann., Cts. & Jud. Proc. § 10-401, by intercepting Plaintiff's electronic communications with Defendant's website without consent. (ECF No. 1 ¶ 78). In Count II, the Complaint alleges that Defendant's conduct also constitutes an invasion of privacy and intrusion upon seclusion. (ECF No. 1 ¶ 3). On April 17, 2023, Defendant moved to dismiss the Complaint for lack of subject matter jurisdiction, Fed.R.Civ.P. 12(b)(1), lack of personal jurisdiction, Fed.R.Civ.P. 12(b)(2), and failure to state a claim, Fed.R.Civ.P. 12(b)(6). (ECF No. 11). On May 1, 2023, Plaintiff responded in opposition (ECF No. 14), and on May 15, 2023, Defendant replied (ECF No. 19).

II. Standard of Review

The issue of standing may be challenged on a motion to dismiss for lack of subject matter jurisdiction under Fed.R.Civ.P. 12(b)(1) because it challenges a court's authority to hear the matter. The plaintiff bears the burden of proving that subject matter jurisdiction exists. Demetres v. East West Constr., Inc., 776 F.3d 271, 272 (4^th Cir. 2015). When a defendant challenges subject matter jurisdiction facially, as here, the plaintiff “is afforded the same procedural protection” as under Fed.R.Civ.P. 12(b)(6). Wikimedia Found. v. NSA, 857 F.3d 193, 208 (4^th Cir. 2017) (quotation omitted). “[T]he motion must be denied if the complaint alleges sufficient facts to invoke subject matter jurisdiction.” Kerns v. United States, 585 F.3d 187, 192 (4^th Cir. 2009). The court must accept all well-pleaded allegations in the complaint as true and draw all reasonable inferences in the light most favorable to the plaintiff. Mays v. Sprinkle, 992 F.3d 295, 299 (4^th Cir. 2021).

III. Analysis

Defendant contends that Plaintiff lacks standing to bring this suit because Plaintiff has not alleged a concrete harm necessary to establish an injury in fact.^[1] Plaintiff argues that he sufficiently alleges an injury in fact.

Article III of the Constitution limits the jurisdiction of federal courts to “Cases” and “Controversies.” U.S. Const. art. III, § 2. To establish standing, a plaintiff bears the burden of establishing: (1) an injury in fact that is concrete, particularized, and actual or imminent; (2) a sufficient causal connection between the injury and the conduct complained of; and (3) a likelihood that the injury will be redressed by a favorable decision. Susan B. Anthony List v. Driehaus, 573 U.S. 149, 15758 (2014). A concrete injury is “‘real,' and not ‘abstract.'” Spokeo, Inc. v. Robins, 136 S.Ct. 1540, 1548 (2016). While tangible harms such as physical and monetary harms constitute sufficiently concrete injuries in fact, intangible harms can also be concrete. TransUnion LLC v. Ramirez, 141 S.Ct. 2190, 2204 (2021).

A. Intangible harm

Defendant argues that Plaintiff has alleged a bare procedural violation of MWESA without asserting a concrete harm. (ECF No. 11 at 11).

Plaintiff argues that a MWESA violation is itself a concrete harm, and he need not allege any additional harm because MWESA resembles traditional common law privacy torts whose violation automatically results in an injury in fact. (ECF No. 14 at 14-15).

A plaintiff proceeding under a statutory cause of action whose injury has “a close historical or common-law analogue” for which courts have traditionally provided a remedy has standing even if the injury alone does not satisfy Article III standing requirements. Garey v. James S. Farrin, P.C., 35 F.4th 917, 921 (4^th Cir. 2022) (quoting TransUnion, 141 S.Ct. at 2204). Concrete intangible harms with a close relationship to harms traditionally recognized as bases for lawsuits include reputational harms, disclosure of private information, and intrusion upon seclusion. TransUnion, 141 S.Ct. at 2204 (citing Meese v. Keene, 481 U.S. 465, 473 (1987) (reputational harms); Davis v. Federal Election Comm'n, 554 U.S. 724, 733 (2008) (disclosure of private information); Gadelhak v. AT&T Services, Inc., 950 F.3d 458, 462 (7th Cir. 2020) (intrusion upon seclusion)). While a legislature may elevate previously existing harms to actionable status, it may not enact an injury into existence. See id. at 2204-05 (citing Spokeo, 578 U.S. at 341). Courts must independently decide whether a plaintiff has suffered a concrete harm because a plaintiff cannot automatically satisfy the injury in fact requirement whenever there is a statutory violation. TransUnion, 141 S.Ct. At 2205 (“[U]nder Article III, an injury in law is not an injury in fact.”).

Plaintiff argues that MWESA simply “elevated” previously existing privacy rights, as evidenced by the “clear consensus amongst federal courts” establishing that violations of privacy protective statutes such as MWESA sufficiently establish concrete, intangible injuries in fact. (ECF No. 14 at 14-17). Plaintiff is incorrect. As Judge Xinis's opinion in Sprye v. Ace Motor Acceptance Corp., No. 16-cv-03064-PX, 2017 WL 1684619 (D.Md. May 3, 2017), illustrates, there is no consensus that MWESA violations alone give rise to an injury in fact. In Sprye, Judge Xinis held that the plaintiff's allegation that the defendant surreptitiously recorded its phone calls to the plaintiff “constitute[s] numerous and multiple violations of [MWESA]” did not assert an injury sufficient to establish standing. Id. at *6. Like in Sprye, allegations that Defendant has violated MWESA, without additional concrete harm, cannot satisfy Article III standing requirements.

Plaintiff's reliance on cases involving non-MWESA statutes, such as the Telephone Consumer Protection Act, Fair Credit Reporting Act, Driver's Privacy Protection Act (“DPPA”), California Invasion of Privacy Act (“CIPA”), and Title III of the Omnibus Crime Control and Safe Streets Act (“Federal Wiretap Act”) fares no better. (ECF No. 14 at 15-16). Even in the context of CIPA, which, like MWESA, is a state-law analogue to the Federal Wiretap Act,^[2] there is far from a consensus regarding whether statutory violations automatically give rise to concrete harm. Compare, e.g., Licea v. Am. Eagle Outfitters, Inc., No. 22-cv-1702-MWF, 2023 WL 2469630, at *3 (C.D.Cal. Mar. 7, 2023) (holding that a bare violation of CIPA is a cognizable violation of privacy rights sufficient to establish standing), Licea v. Cinmar, LLC, No. 22-cv-6454-MWF, 2023 WL 2415592, at *3 (C.D.Cal. Mar. 7, 2023) (same), Garcia v. Build.com, Inc., No. 22-CV-01985-DMS-KSC, 2023 WL 4535531, at *4 (S.D.Cal. July 13, 2023) (same), with Byars v. Sterling Jewelers, Inc., No. 22-cv-1456-SB, 2023 WL 2996686, at *4 (C.D.Cal. Apr. 5, 2023) (holding that CIPA violations do not constitute an injury in fact without an additional showing of harm); Lightoller, 2023 WL 3963823, at *5 (S.D.Cal. June 12, 2023) (same), and Massie v. Gen. Motors LLC, No. CV 21-787-RGA, 2022 WL 534468, at *2, 5 (D.Del. Feb. 17, 2022) (same). Neither is there a consensus that violations of the Federal Wiretap Act alone give rise to an injury in fact. Compare In re Vizio, Inc. Consumer Privacy Litig., 238 F.Supp.3d 1204, 1215-16 (C.D.Cal 2017) (finding concrete harm from Federal Wiretap Act violations due to “the close similarity between the conduct proscribed under the [Federal] Wiretap Act and the tort of intrusion upon seclusion”), with Lopez v. Apple, Inc., 519 F.Supp.3d 672, 681 (N.D.Cal 2021) (finding that plaintiffs asserting Federal Wiretap Act violations lacked standing because they did not allege non-speculative, concrete injury beyond a statutory privacy harm).

Plaintiff further argues that under TransUnion, MWESA violations constitute a concrete harm closely related to the traditional tort of invasion of privacy. (ECF No. 14 at 14 1617). Plaintiff analogizes this case to Garey, 35 F.4th 917. (ECF No. 14 at 16). In Garey, the United States Court of Appeals for the Fourth Circuit determined that DPPA violations...