Consumer Electronics Daily was a Warren News publication.
'Scattershot Complaint'

Nothing 'Nefarious' About Microsoft's Universal Event Tracking Tech: Motion to Dismiss

Plaintiff Jane Doe had notice that Kaiser Permanente used third-party software to collect certain website information, said defendant Microsoft Thursday in its motion to dismiss (docket 2:23-cv-00718) a privacy class action against it and Qualtrics in U.S. District Court for Western Washington in Seattle.

The class action alleges Qualtrics and Microsoft “repeatedly and systematically” violated patients’ healthcare privacy rights on the Kaiser Permanente website by intercepting and collecting patients’ data. It alleges the defendants used tracking code to unlawfully extract private healthcare and other information from Kaiser members’ interactions with the website (see 2305160051).

Doe alleges Kaiser used Microsoft software development kits (SDKs) on its website that sent unidentified data from her unspecified interactions to Microsoft “at unidentified times,” but “no such group of services called ‘Microsoft SDKs’ exists,” said the company. “Left to guess at the challenged technology,” Microsoft “speculates” Doe is referencing its Universal Event Tracking (UET) service, “but there is nothing nefarious or uncommon about that customizable service,” the motion said. UET code enables website operators to understand how their websites are used in order to improve the websites and the ads shown on them “much like other similar website analytics and advertising offerings in the industry,” it said.

Microsoft’s UET service is “privacy-protective” and under its advertising agreement, website operators that use it on their websites must comply with privacy laws that include complying with any consent obligations under applicable laws and disclosing through the website operator’s privacy policy that a user’s data may be collected and shared with Microsoft. Kaiser’s publicly available privacy statement says it records data “about all visitors and customers who use the Site,” and may disclose its users’ personal information to third parties who provide services on its behalf “to help with [its] business activities,” the motion said.

The court should dismiss the complaint with prejudice because Doe hasn’t plausibly alleged she was affected by Microsoft’s purported conduct, it said. Doe asserts a “scattershot complaint” of nine causes of action against Microsoft, “but not Kaiser,” including wiretapping, larceny and conversion, said the motion. She doesn’t say when she interacted with Kaiser’s website or identify the information Microsoft received from her website activity, it said. The complaint relies on “conclusory assertions about information Microsoft allegedly received in general or from others, which is insufficient to sustain Plaintiff’s claim,” it said.

Claims against Microsoft would fail because Doe didn't plausibly allege the essential elements of each cause of action, the motion said. She doesn’t plead facts showing interception by Microsoft of the “content of communications by a covered device with specific intent, and without consent,” as required to state a California Invasion of Privacy Act (CIPA) claim. She also didn't assert a “highly egregious” invasion of privacy allegation, that her computer was hacked into or that she suffered a loss under the Computer Fraud and Abuse Act, an actionable loss required for an unjust enrichment claim, or theft of property by Microsoft to support her larceny and conversion counts, it said.

Microsoft’s motion to dismiss follows defendant Qualtrics’ July 10 motion to dismiss (see 2307120024). The data analytics company said it's “just a vendor” that sells “tools” to customers like Kaiser, allowing those customers to collect and analyze “their own website data from their own website.” Unlike other third-party data companies that have been the subject of recent litigation, “Qualtrics doesn’t sell user data," nor does it use the data for advertising or “for its own purposes,” it said.