A California federal judge has largely granted summary judgment in a data privacy lawsuit against Yodlee, Inc., finding that two of the five plaintiffs lacked Article III standing for all remaining claims and that the three other plaintiffs lacked Article III standing for—and failed to create genuine disputes of fact on the merits about—two of their three remaining claims.  Covington represents Yodlee in this action.  Clark v. Yodlee, No. 20-cv-05991-SK (N.D. Cal.).

Plaintiffs filed the case as a putative nationwide class action against Yodlee in August 2020, alleging that Yodlee—a technology company that provides business-to-business services to financial institutions and fintech clients—unlawfully collected, stored, and used bank transaction data and account information from consumers who used Yodlee’s Instant Account Verification (“IAV”) service to link bank accounts to various financial apps.  By the class certification stage, the case had been narrowed to five plaintiffs asserting claims against Yodlee for violation of California’s Anti-Phishing Act (“CAPA”), invasion of privacy under the California Constitution and common law, and unjust enrichment.  In September 2024, the court denied plaintiffs’ motion for class certification.  Plaintiffs filed a Rule 23(f) petition for interlocutory appeal, which Yodlee opposed, and the Ninth Circuit denied that petition.

Yodlee moved for summary judgment on plaintiffs’ remaining individual claims.  After full briefing and oral argument, the district court granted Yodlee’s motion in large part.  The court concluded that two of the five plaintiffs lacked Article III standing because the record revealed they had used IAV only after suing Yodlee.  As to the three remaining plaintiffs, the court found that their unjust enrichment claims failed because there was no evidence that Yodlee had collected bank transaction data from them, or that Yodlee had wrongfully used IAV data for its own benefit.  The court also rejected their CAPA claims because there was no evidence that plaintiffs suffered any adverse effect from Yodlee’s alleged violation of CAPA.   Finally, the court substantially limited plaintiffs’ sole remaining claim for invasion of privacy, concluding that a jury question remained only as to plaintiffs’ allegations regarding Yodlee’s storage of their bank login credentials.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Daniel Rios Daniel Rios

Daniel Rios focuses on complex commercial litigation and has handled matters involving a range of issues, including breach of contract, consumer protection, data privacy, tort, and statutory claims.

Daniel represents clients in the technology, financial services, and consumer products industries, among others, using…

Daniel Rios focuses on complex commercial litigation and has handled matters involving a range of issues, including breach of contract, consumer protection, data privacy, tort, and statutory claims.

Daniel represents clients in the technology, financial services, and consumer products industries, among others, using his substantial experience in all stages of litigation, including:

  • dispositive motions;
  • fact and expert discovery;
  • class certification;
  • summary judgment;
  • trial; and
  • appeals.

Daniel has first-chaired fact and expert witness depositions, second-chaired witnesses at trial and arbitration, and has drafted and argued dispositive motions in both federal and state court.  He has a strong track record of success on early dispositive motions.  In addition, Daniel maintains an active pro bono practice, which includes the successful representation of racial minorities in civil rights lawsuits and formerly incarcerated individuals seeking expungement of their criminal records.