Submit to Digest

Apple AirTag Stalking Class Action Survives Motion to Dismiss

Reports Privacy

Background

First Amended Class Action Complaint, Hughes v. Apple, Inc., No. 22-cv-07668-VC (N.D. Cal. October 6, 2023), complaint hosted by ArsTechnica.

Order Partially Granting Motion to Dismiss, Hughes v. Apple, Inc., No. 22-cv-07668-VC (N.D. Cal. March 15, 2024), order hosted by Casetext.

Order Partially Denying and Partially Granting the Motion to Dismiss, Hughes v. Apple, Inc., No. 22-cv-07668-VC (N.D. Cal. March 15, 2024), order hosted by Casetext.

Introduction

On March 15, 2024, Judge Vince Chhabria of the United States District Court for the Northern District of California allowed certain claims in a class-action lawsuit against Apple, alleging that Apple AirTags enable stalking, to move forward. This development is especially noteworthy because victims of privacy harms like stalking often struggle to advance their claims in court.

Apple markets the AirTag as a device for keeping track of personal items. The class-action complaint, encompassing claims from dozens of named stalking victims, argues that the AirTag has instead “revolutionized the scope, breadth, and ease of location-based stalking.”

The complaint explains that the AirTag’s suitability for stalking lies in its small size, low price point ($29), and high degree of accuracy. These features have allegedly allowed stalkers to obtain AirTags and place them discreetly on victims’ cars, clothes, and personal items, enabling 24/7 access to victims’ locations. According to the complaint, advocates warned Apple of these safety risks, yet Apple went ahead with releasing the AirTag—even marketing it as “stalker-proof.”

Plaintiffs also argue that the AirTag’s existing safety features are inadequate. For example, they note that victims can only disable AirTags once they physically find them, which is often difficult. Furthermore, plaintiffs allege that users are unable to proactively search for an AirTag if they suspect they are being stalked, but rather must wait for Apple to send an alert. And even when they have received an alert, multiple plaintiffs allege that it came too late or that they did not understand the significance of the alert.

As detailed below, Judge Chhabria granted Apple’s motion to dismiss for most of the claims with leave to amend. However, in a separate order, he denied the motion to dismiss for three of the plaintiffs’ claims and allowed those claims to proceed immediately to discovery.

The prevailing claims were brought by three California plaintiffs for common-law negligence and strict product liability. Each of the three plaintiffs was able to successfully plead to the court that their stalking-related injuries were directly tied to failures in the AirTag’s safety features.

For instance, one of the successful plaintiffs alleged that she received an AirTag alert on her phone. She discerned that there was an AirTag in her car by prompting the AirTag to make a sound. But she was unable to find the physical AirTag itself, even after hiring an auto shop to scour her car. Both Apple and the police said they could not disable the AirTag unless she had it in hand. She continued to receive alerts on her phone about the AirTag for months, during which time her anxiety about being stalked deepened. Her mental distress ultimately led her to abandon her acting career in California and return to her native Ireland.

Claims Dismissed with Leave to Amend

First, the Court dismissed all non-California plaintiffs’ common-law tort claims. The non-California plaintiffs asserted that California law governed their claims only after Apple filed their motion to dismiss, instead of stating it in their complaint. The court reasoned that Apple therefore did not have adequate notice as to those claims.

Second, the court dismissed claims alleging that Apple violated the California Invasion of Privacy Act ("CIPA"). The statute prohibits using a tracking device to “determine the location or movement of a person.” Cal. Penal Code § 637.7(a). While the plaintiffs’ stalkers undoubtedly used AirTags to determine their locations, the complaint did not contain adequate allegations that Apple itself used AirTags to determine the plaintiffs’ whereabouts.

Third, claims based on California’s state constitutional right to privacy, Cal. Const. art. I, §1, likewise failed because the plaintiffs did not adequately allege that Apple—rather than the plaintiffs’ individual stalkers—had invaded plaintiffs’ privacy.

Fourth, the Court dismissed claims grounded in state consumer protection laws. A claim based on California’s Unfair Competition Law, brought by only one plaintiff, was dismissed because the plaintiff was injured outside California. In other claims based on state consumer protection laws, plaintiffs asserted that Apple deceptively marketed AirTags as “stalker-proof.” However, the court did not find sufficient allegations that plaintiffs had detrimentally relied on this allegedly deceptive marketing, or that this marketing had led to their stalking-related injuries.

Notably, the court granted leave for plaintiffs to amend their complaint, so they may be able to revive some of these claims or bring different legal claims.

Surviving Claims: Common-Law Negligence

In its separate order, the court focused its analysis of the plaintiffs’ negligence claims on the duty and causation elements of negligence.

First, Apple plausibly owed plaintiffs a duty of care in designing, marketing, and selling AirTags.

The court framed the duty inquiry in terms of whether Apple merited an exception to California’s baseline duty of reasonable care for the safety of others. The relevant factors in analyzing duty are whether the harm to the plaintiffs was foreseeable and whether public policy considerations support the existence of a duty of care in a given situation.

As to foreseeability, the court explained that “[c]ommon sense alone compels the conclusion that harm from stalking is a foreseeable consequence of making and selling a tracking device, especially a small, affordable, consumer-friendly tracking device.”

In analyzing the public policy dimensions of duty of care, the court underscored the information asymmetry between Apple and stalking victims, Apple’s financial gains from selling AirTags, and the possibility that better safety features in AirTags that Apple neglected to implement could prevent future stalking incidents.

Throughout the duty analysis, the court contrasted this case with Modisette v. Apple, 241 Cal. Rptr. 3d 209 (Cal. Ct. App. 2018), where Apple was found not to have a duty to plaintiffs injured in a car accident caused by distracted driving. In distinguishing the two cases, the court highlighted, among other differences, that: (1) California law explicitly allows checking one’s phone while driving in certain circumstances, while California law never allows stalking; and (2) the smartphones at issue in Modisette were far more essential to everyday life than the Bluetooth trackers (i.e., AirTags) at issue in this case.

The court did not accept Apple’s argument that the larger “FindMy” device network that AirTags are part of is socially valuable enough to relieve Apple of its duty to plaintiffs. The opinion noted that “Apple could cease manufacturing AirTags today and the rest of the FindMy system would still function just the same.”

Second, Apple’s alleged breach of duty could plausibly have caused the plaintiffs’ injuries.

In its causation inquiry, the court concluded that stalkers’ nefarious use of AirTags to track plaintiffs did not necessarily break the chain of causation between Apple and the plaintiffs’ ultimate injuries. However, the court also emphasized that causation is a fact-specific inquiry that will require deeper analysis at later stages in the litigation.

Surviving Claims: Strict Product Liability

According to the court, there are two tests for determining whether a product’s design is defective for purposes of strict product liability in California: the consumer expectations test and the risk-benefit test.

The court easily dismissed the relevance of the consumer expectations test to this case. The opinion reasoned that this test is inapplicable because AirTags were not unsafe for the product’s purchasers, but rather they were unsafe for the purchaser’s stalking victims—third parties to the relevant transaction.

Applying the risk-benefit test, the court found that plaintiffs had stated a claim for strict product liability. The opinion explained that if plaintiffs are able to demonstrate that the product’s design was the proximate cause of their injuries, the burden will shift to Apple to demonstrate that the benefits of the AirTag’s design outweigh its risks to stalking victims.

Conclusion

This case exemplifies the tensions that arise in adapting common law to the novel privacy risks posed by new technologies. Next, plaintiffs will submit a new amended complaint, and the court will determine whether the initially dismissed claims can move forward while discovery begins for the three prevailing claims.