A California federal judge has largely granted summary judgment in a data privacy lawsuit against Yodlee, Inc., finding that two of the five plaintiffs lacked Article III standing for all remaining claims and that the three other plaintiffs lacked Article III standing for—and failed to create genuine disputes of fact on the merits about—two of their three remaining claims. Covington represents Yodlee in this action. Clark v. Yodlee, No. 20-cv-05991-SK (N.D. Cal.).
Plaintiffs filed the case as a putative nationwide class action against Yodlee in August 2020, alleging that Yodlee—a technology company that provides business-to-business services to financial institutions and fintech clients—unlawfully collected, stored, and used bank transaction data and account information from consumers who used Yodlee’s Instant Account Verification (“IAV”) service to link bank accounts to various financial apps. By the class certification stage, the case had been narrowed to five plaintiffs asserting claims against Yodlee for violation of California’s Anti-Phishing Act (“CAPA”), invasion of privacy under the California Constitution and common law, and unjust enrichment. In September 2024, the court denied plaintiffs’ motion for class certification. Plaintiffs filed a Rule 23(f) petition for interlocutory appeal, which Yodlee opposed, and the Ninth Circuit denied that petition.
Yodlee moved for summary judgment on plaintiffs’ remaining individual claims. After full briefing and oral argument, the district court granted Yodlee’s motion in large part. The court concluded that two of the five plaintiffs lacked Article III standing because the record revealed they had used IAV only after suing Yodlee. As to the three remaining plaintiffs, the court found that their unjust enrichment claims failed because there was no evidence that Yodlee had collected bank transaction data from them, or that Yodlee had wrongfully used IAV data for its own benefit. The court also rejected their CAPA claims because there was no evidence that plaintiffs suffered any adverse effect from Yodlee’s alleged violation of CAPA. Finally, the court substantially limited plaintiffs’ sole remaining claim for invasion of privacy, concluding that a jury question remained only as to plaintiffs’ allegations regarding Yodlee’s storage of their bank login credentials.