Opinion
22-cv-23961-GAYLES/TORRES
08-31-2023
DAMIAN R. JOSEFSBERG, Plaintiff, v. UBER TECHNOLOGIES, INC. and CHECKR, INC., Defendants.
ORDER
DARRIN P. GAYLES UNITED STATES DISTRICT JUDGE
THIS CAUSE comes before the Court on Defendant Uber Technologies, Inc.'s Motion to Dismiss Plaintiff's Class Action Complaint and Defendant Checkr, Inc.'s Motion to Dismiss (the “Motions”). [ECF Nos. 27, 28]. The Court has reviewed the Motions and the record and is otherwise fully advised. For the reasons set forth below, the Motions shall be granted.
BACKGROUND
Plaintiff Damian R. Josefsberg brought this putative class action against Defendants Uber Technologies, Inc. (“Uber”) and Checkr, Inc. (“Checkr”) (collectively “Defendants”) after he discovered that an unidentified individual was driving for Uber using Plaintiff's stolen identity. The crux of Plaintiff's claims is that Defendants should have done a better job screening Uber drivers to ensure that the drivers are not using stolen identities.
Uber operates a ride sharing transportation network, similar to a taxi-service, whereby its customers can submit trip requests via Uber's mobile app. [ECF No. 1 ¶ 22]. Uber relies on a network of drivers to accept and complete trip requests. Id. ¶ 24. Drivers must provide their personal identification information (“PII”) and undergo a background screening process before they can begin driving for Uber. Id. ¶ 24. Uber repeats driving and criminal history checks annually on its drivers. Id. ¶ 25. Uber contracts with Checkr, a technology company, to conduct the background screenings and identity verifications for its drivers. Id. 26-27.
The Complaint cites to the following statements on Uber's website regarding driver screening: (a) all drivers are screened before their first trip, (b) drivers are “background checked” before their first trip, (c) drivers must pass an annual check to continue using the app, and (d) assuming someone else's identity is prohibited, and drivers are periodically asked to take photographs of themselves which are matched against their on-file identification. [ECF No. 1 ¶ 25].
On June 19, 2022, Plaintiff discovered that Uber filed a 1099-NEC under his name and social security number, reporting compensation in the amount of $1,236.00. Id. ¶ 29-30. Plaintiff has never been a driver, employee, or contractor for Uber. Id. ¶ 32.
On August 15, 2022, Plaintiff, through counsel, sent a letter to Uber requesting that it (1) cease using all Uber driver accounts using Plaintiff's name, social security number, or other PII; (2) provide Plaintiff with all documents related to background checks and identification verification in connection with his PII; and (3) provide Plaintiff with all IRS forms issued in Plaintiff's name. Id. ¶ 33-34. Uber responded on September 8, 2022, stating that it identified an account using Plaintiff's PII but needed additional documentation to remove Plaintiff's PII from the fraudulent account. Id. ¶ 35. Uber also notified Plaintiff that he would need to seek documents related to background checks from Checkr. Id. ¶ 36.
Over the next few weeks, Plaintiff complied with Uber's request for documentation of his PII, requested additional documents from Uber and Checkr, and again requested confirmation that his PII had been removed from the fraudulent account. Id. ¶ 37-41. On September 26, 2022, Uber confirmed that it had deactivated the fraudulent account in Plaintiff's name. Id. ¶ 44. Defendants have not provided Plaintiff with the background report they ordered and prepared using his PII.
Plaintiff claims that, as a result of Defendants' failure to properly perform the background check on the driver who had assumed his identity, he has suffered damages, including incurring costs associated with (i) hiring and paying professionals to correct tax filings; (ii) the adverse effects on his tax filing status; (iii) filing and pursuing a complaint for identity theft with the FTC; and (iv) the other adverse effects of identity theft. Id. ¶ 86, 96, 121, 135.
On December 5, 2022, Plaintiff filed this action against Defendants alleging claims for negligence (Counts I and II), violation of the Fair Credit Reporting Act (“FCRA”) (Count III), and violations of the Florida Deceptive and Unfair Trade Practices Act (“FDUTPA”) (Counts IV and V). Id. Defendants now move to dismiss arguing lack of standing and failure to state a claim.
Only Uber raised lack of standing in its Motion.
LEGAL STANDARDS
A motion to dismiss for lack of subject matter jurisdiction brought pursuant to Federal Rule of Civil Procedure 12(b)(1) may present either a facial or a factual challenge to the complaint. See McElmurray v. Consol. Gov't, 501 F.3d 1244, 1251 (11th Cir. 2007). In a facial challenge, a court is required only to determine if the plaintiff has “sufficiently alleged a basis of subject matter jurisdiction, and the allegations in his complaint are taken as true for the purposes of the motion.” Id. at 1251 (internal quotation omitted). By contrast, a factual attack “challenge[s] the existence of subject matter jurisdiction in fact, irrespective of the pleadings, and matters outside the pleadings . . . are considered.” Id. Uber's Motion launches a facial attack on Plaintiffs' standing.
“To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.'” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). Although this pleading standard “does not require ‘detailed factual allegations,' . . . it demands more than an unadorned, the-defendant-unlawfully-harmed-me accusation.” Id. (quoting Twombly, 550 U.S. at 555).
Pleadings must contain “more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do.” Twombly, 550 U.S. at 555 (citation omitted). Indeed, “only a complaint that states a plausible claim for relief survives a motion to dismiss.” Iqbal, 556 U.S. at 679 (citing Twombly, 550 U.S. at 556). To meet this “plausibility standard,” a plaintiff must “plead[ ] factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. at 678 (alteration added) (citing Twombly, 550 U.S. at 556). When reviewing a motion to dismiss, a court must construe the complaint in the light most favorable to the plaintiff and take the factual allegations therein as true. See Brooks v. Blue Cross & Blue Shield of Fla. Inc., 116 F.3d 1364, 1369 (11th Cir. 1997).
DISCUSSION
I. Standing
Standing “is a threshold question that must be explored at the outset of any case.” Corbett v. Transp. Sec. Admin, 930 F.3d 1225, 1232 (11th Cir. 2019). It is not a “mere pleading requirement[] but rather an indispensable part of the plaintiff's case ....” Lujan v. Defenders of Wildlife, 504 U.S. 555, 561 (1992). To establish Article III standing, “[t]he plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.” Spokeo, Inc. v. Robins, 578 U.S. 330, 338 (2016) (citing Lujan, 504 U.S. at 560-61).
A. Plaintiff's Standing to Assert Negligence and FDUTPA Claims
Defendants do not dispute, and the Court agrees, that Plaintiff has adequately alleged the first and third elements for standing to assert his negligence and FDUPTA claims. The issue here is causation.
To establish standing, Plaintiff must show that his injury is “fairly traceable to the challenged action of the Defendant.” Spokeo, 578 U.S. at 338. Said differently, the Complaint must allege facts showing a “causal connection between the injury and the conduct complained of . . . .” Lujan, 504 U.S. at 560. However, the causal connection for Article III standing is not the same as proximate cause. See Ariz. St. Leg. v. Ariz. Indep. Redistricting Comm'n, 576 U.S. 787, 800 (2015) (cautioning courts not to “confus[e] weakness on the merits with absence of Article III standing.”). A defendant does not need to “be the most immediate cause, or even a proximate cause, of plaintiffs' injuries; [Article III] requires only that those injuries be fairly traceable to defendants.” In re Mednax Services, Inc., Customer Data Security Breach Litigation, 603 F.Supp.3d 1183, 1197 (S.D. Fla. 2022) (citing LexmarkInt'l, Inc. v. Static Control Components, Inc., 572 U.S. 118, 134 n.6 (2014)).
In his negligence and FDUTPA claims, Plaintiff alleges that his injuries include incurring costs associated with (i) hiring and paying professionals to rectify the incorrect tax filings, (ii) adverse effects on his tax filing status, (iii) filing and pursuing a complaint for identity theft with the FTC, and (iv) other adverse effects of identity theft. [ECF No. 1 ¶ 86, 96, 121, 135]. The Court finds that, at this stage of the litigation, Plaintiff has alleged enough to establish that these injuries are fairly traceable to Defendants' purported failure to properly run a background check and Uber's issuance of a 1099.
B. Plaintiff's Standing to Raise Claims Under the FCRA
The Court, however, finds that Plaintiff does not sufficiently allege standing to raise his FCRA claim. Plaintiff alleges that Defendants violated the FCRA by failing to obtain his consent before procuring his credit report and provide him with the requisite disclosures, and that, as a result, he has been injured “by having [his] identity stolen and having [his] privacy and statutory rights invaded . . . .” Id. ¶ 110. These allegations fail to establish standing. First, Plaintiffs conclusory allegation that his privacy and statutory rights were invaded is insufficient to plead an injury-in-fact. Alleging a “bare procedural violation, divorced from any concrete harm” is not enough to support standing. Spokeo, 578 U.S. at 341. Second, while having his identity stolen is an injury-in-fact, Plaintiff fails to allege a causal connection between this injury and Defendants' actions. Indeed, the only plausible reading of the Complaint is that someone misappropriated Plaintiff's identity before Defendants ever ran Plaintiff's credit report. As a result, Plaintiff's alleged injury-in-fact on this claim is not fairly traceable to Defendants. See Peters v. St. Joseph Servs. Corp., 74 F.Supp.3d 847 (S.D. Tex. 2015) (holding that a plaintiff had not alleged a causal connection sufficient to have standing to bring a claim under the FCRA where her purported injuries were “the result of the independent action of a third party.”). Therefore, Plaintiff's claim under the FCRA is dismissed for lack of standing.
The Court notes that, even if Plaintiff had adequately alleged standing, it is likely that he failed to properly allege his FCRA claim. First, it does not appear that the FCRA contemplates a duty to separately verify an identity before procuring a consumer report. See e.g., Domante v. Dish Networks, L.L.C., 974 F.3d 1342, 1346 (11th Cir. 2020) (affirming summary judgment in favor of the defendant on a FCRA claim where the plaintiff, a victim of identity theft, alleged that the defendant procured a consumer report based on a fraudulent application for defendant's services). Moreover, with respect to Checkr, Plaintiff alleges a violation of 15 U.S.C. § 1681b(b)(2)(A), a provision which, as Plaintiff concedes in his response to Checkr's Motion, applies to employers and not consumer reporting agencies like Checkr.
II. Failure to State a Claim
Defendants also argue that Plaintiff fails to adequately allege his negligence and FDUTPA claims. The Court addresses each in turn.
A. Negligence
“To state a claim for negligence under Florida law, a plaintiff must allege that the defendant owed the plaintiff a duty of care, that the defendant breached that duty, and that the breach caused the plaintiff to suffer damages.” Lewis v. City of St. Petersburg, 260 F.3d 1260, 1262 (11th Cir. 2001). Here, Plaintiff fails to allege both duty and proximate cause.
“The duty element of negligence focuses on whether the defendant's conduct foreseeably created a broader ‘zone of risk' that poses a general threat of harm to others.” McCain v. Fla. Power Corp., 593 So.2d 500, 502 (Fla. 1992). “To determine whether the risk of injury to a plaintiff is foreseeable under the concept of duty, courts must look at whether it was objectively reasonable to expect the specific danger causing the plaintiff's injury, not simply whether it was within the realm of any conceivable possibility.” Grieco v. Daiho Sangyo, Inc., 344 So.3d 11, 23 (Fla. 4th DCA 2022). “A legal duty does not exist merely because the harm in question was foreseeable-instead, the defendant's conduct must create the risk. In other words, a duty requires one person to control the risk.” Saunders v. Baseball Factory, Inc. 361 So.3d 365, 369 (Fla. 4th DCA 2023) (internal citations and quotations omitted). Generally, “a person has no duty to take precautions to protect another against criminal acts of third parties.” Id. (internal quotation omitted). “[T]he analysis of a defendant's liability in negligence for the criminal acts of another links the existence of a legal duty to the defendant's special relationship to the injured party or to the defendant's ability to control some aspect of the criminal act.” Id. (internal quotation omitted).
The Complaint fails to establish that either Uber or Checkr owed Plaintiff a legal duty of care. Plaintiff does not allege that he had a special relationship with Defendants; he was not a customer or employee of either of Uber or Checkr. See e.g. Eisenberg v. Wachovia Bank, N.A., 301 F.3d 220, 225 (4th Cir. 2002) (holding that a bank had no duty of care to a noncustomer after a fraudulent account was opened in the noncustomer's name); McCallum v. Rizzo, No. 942878, 1995 WL 1146812 at *2 (Mass. Supp. Oct. 13, 1995) (holding that “[t]he mere fact that a bank account can be used in the course of perpetrating a fraud does not mean that banks have a duty to persons other than their own customers.”). Moreover, Plaintiff does not allege that he entrusted his PII to Defendants who then failed to safeguard his information. Cf Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012) (finding current and former members of health care plans plausibly alleged negligence claim against plan operator which held their PII following a data breach). Rather, a plain reading of the Complaint shows that Plaintiff had no relationship with Defendants and had not entrusted his PII to Defendants. Accordingly, Plaintiff's claims for negligence shall be dismissed.
In his response to Checkr's Motion to Dismiss, Plaintiff argues that an implementing regulation of the FCRA and the FCRA itself creates a duty to perform identity verification services. However, Plaintiff's negligence claim against Checkr does not allege that Checkr's duty arises from a legislative enactment or regulation. As a result, the Court will not consider the regulation or the FCRA when evaluating Plaintiff's negligence claim. See Glik v. U.S. Citizenship & Immigr. Servs., No. 18-CV-25439, 2019 WL 3002923, at *1 (S.D. Fla. July 10, 2019) (“[A] party may not amend its complaint through a response to a motion to dismiss.”). Moreover, Plaintiff may not rely on Defendants' websites and company policies to establish a duty. Saunders v. Baseball Factory, Inc., 361 So.3d 365, 369 (Fla. 4th DCA 2023) (“While a written policy or manual may be instructive in determining whether the alleged tortfeasor acted negligently in fulfilling an independently established duty of care, it does not itself establish such a legal duty vis-a-vis individual members of the public.”). Finally, Plaintiff's reliance on the undertaker doctrine is misplaced under the facts alleged in this case. See Clay Elec. Co-Op, Inc. v. Johnson, 873 So.2d 1182, 1186 (Fla. 2003) (holding that the undertaker doctrine only applies if “the third person [suffers] physical harm resulting from [the undertaker's] failure to exercise reasonable care.”).
Even if Plaintiff had alleged that Defendants owed him a duty of care, he does not sufficiently allege that Defendants caused his injuries. Proximate cause requires that a “defendant's conduct foreseeably and substantially caused the specific injury that actually occurred.” Grieco v. Daiho Sangyo, Inc., 344 So.3d 11, 23 (Fla. 4th DCA 2022) (internal quotation omitted) (emphasis added). “A negligent act is not the proximate cause of a loss that results from the intervention of a new and independent cause that is not reasonably foreseeable.” Sosa v. Coleman, 646 F.2d 991, 993 (5th Cir. 1981) (applying Florida law).
Here, a third person, taking advantage of Plaintiff's compromised PPI, submitted Plaintiff's information to Uber as his or her own. Based on this information, Uber contracted with Checkr to run a background report. While the background report did not reveal the fraudulent use of Plaintiff's PII, Defendants' conduct did not foreseeably and substantially cause Plaintiff's injuries. Indeed, the third party who improperly used Plaintiff's identity caused the harm to his credit report and created the need for Plaintiff to remedy his tax status. Accordingly, Plaintiff's negligence claims shall be dismissed.
B. FDUTPA
To state a claim under FDUTPA, Plaintiff must allege “(1) a deceptive act or unfair practice; (2) causation; and (3) actual damages.” Marrache v. Bacardi, U.S.A., 17 F.4th 1084, 1087 (11th Cir. 2021) (quoting Carriuolo v. Gen. Motors Co., 823 F.3d 977, 985-86 (11th Cir. 2016)). Plaintiff's FDUPTA claims fail for the same reason his negligence claims fail: he has not adequately alleged a causal connection between Defendant's alleged deceptive or unfair act and his alleged damages. See Molina v. Aurora Loan Svcs., LLC, 635 Fed.Appx. 618, 627 (11th Cir. 2015) (affirming dismissal of a FDUTPA claim on a motion to dismiss where the plaintiff did not allege a causal link between the alleged deception and damages). Here, Plaintiff's alleged injuries-the costs associated with having to correct his credit report and tax filings-were caused by the individual(s) who stole his identity and not Defendants' procurement of a background check. As a result, Plaintiff's FDUTPA claims shall be dismissed.
In his response to the Motions, Plaintiff concedes that his alleged monetary damages are consequential and cannot be recovered under FDUTPA. However, Plaintiff continues to seek injunctive relief relating to his FDUTPA claims. “In the absence of actual damages, the FDUTPA permits any aggrieved party to pursue injunctive relief.” Farmer v. Humana, Inc., 582 F.Supp.3d 1176, 1191 (M.D. Fla. 2022) (internal quotation omitted).
Conclusion
Based on the foregoing, it is ORDERED AND ADJUDGED as follows:
1. Defendant Uber Technologies, Inc.'s Motion to Dismiss Plaintiff's Class Action Complaint, [ECF No. 27], and Defendant Checkr, Inc.'s Motion to Dismiss, [ECF Nos. 28], are GRANTED.
2. Plaintiff's Complaint is DISMISSED without prejudice.
3. This case is CLOSED for administrative purposes and all pending motions are DENIED as MOOT.
DONE AND ORDERED in Chambers at Miami, Florida, this 30th day of August, 2023.