In a case of first impression, the U.S. Court of Appeals for the Ninth Circuit was tasked with determining whether the alleged extracting and retaining of consumer data and tracking of customers using an online payment platform exposes defendants to personal jurisdiction in the state where an online purchase was made. The court concluded it does not. “When a company operates a nationally available e-commerce payment platform and is indifferent to the location of end-users, the extraction and retention of consumer data, without more, does not subject the defendant to specific jurisdiction in the forum where the online purchase was made.”

In Briskin v. Shopify, Inc., the plaintiff, a California resident, used his mobile browser to purchase fitness apparel. The fitness apparel website used Shopify’s software and code to process orders and payments. Shopify provides participating merchants with a sales platform that enables the processing of online purchases, irrespective of where the purchases are made. When completing his online order, the plaintiff input certain information, including his name, address, and credit card number. The complaint alleged Shopify and two of its wholly owned subsidiaries collected this information, installed cookies onto the plaintiff’s phone, connected his browser to its network, generated payment forms requiring the plaintiff to enter private identifying information, and stored the plaintiff’s personal and credit card information for later use and analysis. Defendants also allegedly transmitted the plaintiff’s payment information to a second payment processor for additional storage, analysis, and processing. The plaintiff filed a putative class action alleging the defendants violated various California privacy and unfair competition laws, including the California Invasion of Privacy Act, because they deliberately concealed their involvement in consumer transactions. Shopify, Inc. is a Canadian corporation with its headquarters in Ottawa. Its subsidiaries, Shopify (USA), Inc. (Shopify USA) and Shopify Payments (USA), Inc. are Delaware corporations with principal places of business in New York and Delaware, respectively. The defendants moved to dismiss the complaint for lack of personal jurisdiction and the district court granted the motion. The plaintiff appealed.

In analyzing whether defendants purposefully directed their activities at the forum state under the first prong of the specific jurisdiction analysis, the Ninth Circuit found that the crux of the case was in prong two of the Calder effects test, whether the defendants “expressly aimed” their activities at the forum state. The plaintiff argued the defendants’ contracts with California merchants, “store” in Los Angeles that promotes merchant relations, California fulfillment center, partnership with a California company, and Shopify USA’s presence in the state, i.e., business registration, employees, etc., established specific jurisdiction. The court disagreed. For specific jurisdiction to exist, the plaintiff’s claim “must be one which arises out of or relates to the defendant’s forum-related activities.” The court found no such causal relationship between the defendants’ broader California business contacts and the plaintiff’s claims because these contacts did not cause the plaintiff’s harm.

The plaintiff also argued that by collecting, retaining, and using consumer data obtained from individuals who made online purchases in California defendants effectively “reached into” California (electronically) and inserted themselves (technologically) into a transaction between a California consumer and a California merchant, thereby expressly aiming their conduct toward California. The Ninth Circuit rejected this argument, citing precedent confirming the defendants did not expressly aim their conduct toward California simply because the plaintiff resided there, made his online purchase there, and sustained his privacy-based injuries in that state because the plaintiff’s injuries were personal to him and would follow him wherever he chose to live or travel. After determining the precedents and principles derived from personal jurisdiction cases involving interactive websites should apply to a broadly accessible back-end web platform like the defendants, the Ninth Circuit held the defendants had not expressly aimed their suit-related conduct at California because their web payment platform does not have a “forum-specific focus”. It is accessible across the United States and is indifferent to the location of either the merchant or the end consumer. And, while the defendants do have a sizeable merchant base in California, their extraction and retention of consumer data arises out of the actions of those merchants whose transactions also do not depend on consumers being present in California. “Driving our decision-making in this area has been the need to draw some lines to avoid subjecting web platforms to personal jurisdiction everywhere. Were it otherwise, ‘every time a seller offered a product for sale through an interactive website, the seller would be subjecting itself to specific jurisdiction in every forum in which the website was visible.’ ‘That result,’ we have said, ‘would be too broad to comport with due process.'”