Judge P. Casey Pitts, in the Northern District of California, addresses a motion to dismiss and strike in a class action alleging that a popular fitness app placed tracking cookies on users’ devices even after they opted out, in violation of privacy laws and the company’s own policies.
Background
Plaintiffs alleged that the fitness app’s website placed third-party tracking cookies on their devices after they had expressly opted out via a cookie consent banner. These cookies allegedly enabled third parties—including major tech and advertising platforms—to collect sensitive information such as browsing history, user interactions, demographic data, and geolocation. The plaintiffs brought claims for invasion of privacy, intrusion upon seclusion, wiretapping, pen register violations, fraud, unjust enrichment, and trespass to chattels.
Defendant moved to dismiss the case, arguing that plaintiffs had not suffered a concrete injury, that the claims were untimely, and that the complaint failed to state a claim under various legal theories. Defendant also sought to strike certain allegations and class definitions.
Standing and Timeliness
The court found that plaintiffs had sufficiently alleged a concrete injury for Article III standing. The alleged harm—misrepresentation about data collection and non-consensual sharing of sensitive information—was analogous to privacy invasions recognized at common law. The court also declined to dismiss the claims as untimely, finding that the complaint did not establish an “impenetrable” statute of limitations defense on its face.
Privacy and Intrusion Claims Survive
The court allowed the invasion of privacy and intrusion upon seclusion claims to proceed. Key factors included:
- The app’s explicit representation that users could opt out of certain cookies.
- The sensitive nature of the data collected (health, fitness, and behavioral information).
- The CCPA’s influence on user expectations regarding data control and opt-out rights.
The court emphasized that deceptive conduct—telling users they could opt out, then tracking them anyway—could be considered “highly offensive” and thus actionable.
Wiretapping, Pen Register, Fraud, and Trespass Claims Dismissed (With Leave to Amend)
The court dismissed the wiretapping and pen register claims, finding that plaintiffs did not specifically allege that their own communications were intercepted or that the requisite information was tracked. The fraud claim was dismissed for lack of specificity, as plaintiffs did not identify when the alleged misrepresentations occurred. The trespass to chattels claim failed because plaintiffs did not allege measurable harm to their devices.
However, the court granted leave to amend these claims, allowing plaintiffs an opportunity to provide more detailed allegations.
Unjust Enrichment Claim Proceeds
The court rejected the argument that unjust enrichment is not a standalone claim, construing it as a quasi-contract claim for restitution. Plaintiffs’ allegations that the company was unjustly enriched by collecting and monetizing user data after misrepresenting its practices were sufficient to survive dismissal.
Motion to Strike Denied
The court denied the motion to strike screenshots and class allegations, finding that these materials could be relevant and that any deficiencies in class definitions were not “plain enough from the pleadings” to warrant striking at this stage.
VISHAL SHAH, et al., v. MYFITNESSPAL, INC., No. 25-CV-04430-PCP, 2026 WL 216334 (N.D. Cal. Jan. 27, 2026).
