A U.S. District Court Judge in California dismissed a putative class action asserting claims under section 637.7 of the California Invasion of Privacy Act (CIPA) in a case that could have useful implications for automotive and other device manufacturers whose products have the ability to track location. Plaintiff claimed that a third-party company, Otonomo Inc., partnered with automobile manufacturers to use the telematics control units (TCUs) installed in their vehicles to track a driver’s location via GPS without the driver’s knowledge. The Court rejected the claim, holding that because the TCU devices were built-in, rather than devices added to a vehicle, they were not “attached” to the car and thus did not fall within the statute’s definition of “electronic tracking device.”
In the case, Mollaei v. Otonomo Inc., 3:22-cv-02854, the plaintiff alleged that Otonomo’s use of data from the TCUs constituted a violation of California Penal Code Section 637.7. The statute prohibits the use of “an electronic tracking device to determine the location or movement of a person” absent consent or warrant. “Electronic tracking device” is defined as “any device attached to a vehicle or other movable thing” which could transmit its location. Id. at 4. The Court noted that “Plaintiff’s application of Section 637.7 to a built-in component of a vehicle, as opposed to a standalone device, is one of first impression.” Id.
Relying in part on prior case law dismissing Section 637.7 claims against mobile phone applications, as well as the legislative history of the statute, the Court identified the key question to be whether the built-in component was “attached” within the meaning of the statute. The Court accepted the defendant’s arguments on that question, finding “that the ‘device’ must be a separate device that is attached, or placed, onto an automobile by the alleged wrongdoer.” Id. at 5. The TCUs were not a removable part, and it was not possible to purchase a vehicle without one, so the Court concluded the TCU did not fall within the statutory definition.
The Court also agreed that to fall within the ambit of Section 637.7, a device must track more than just a vehicle and instead must associate the location or movements of a vehicle with the identity of a person. Id. at 7. Although the plaintiff alleged that Otonomo could obtain customer data from the manufacturer, they did not sufficiently allege that Otonomo had linked this data to the location tracking. Finally, regarding plaintiff’s claim that he had not consented to Otonomo’s data collection, a necessary element of a Section 637.7 claim, the Court found plaintiff’s allegations lacking. The complaint failed to allege that he had not consented to location tracking by BMW, the manufacturer, so plaintiff could not seek to hold downstream processor Otonomo liable because “[s]ubsequent processing of the location or movement information is not within the scope of the statute.” Id. at 8.
These combined holdings should provide helpful clarification on the scope and meaning of Section 637.7 and identify useful defenses to claims brought under this statute for companies in the automotive tech space and other industries incorporating location-based technology.