In a recent opinion, the California Supreme Court ruled in favor of California-based tech giant Yahoo in a multiyear legal battle with the National Union Fire Insurance Company of Pittsburgh, Pennsylvania. The insurer had refused to defend Yahoo against five class action lawsuits alleging Yahoo violated provisions of the Telephone Consumer Protection Act (TCPA) by sending unsolicited spam “robotext” messages. Yahoo settled some of the claims and sought to recover defense costs from National Union under a series of commercial general liability (CGL) policies Yahoo purchased between 2008 and 2012.
The policies provided coverage for injuries “arising out of … [o]ral or written publication, in any manner, of material that violates a person’s right of privacy.” The parties also had negotiated an endorsement removing an exclusion for claims arising under the TCPA.
The crux of the dispute was whether Yahoo’s coverage for violations of “a person’s right of privacy” contemplated coverage for the TCPA claims asserted against Yahoo in the class actions. A federal district court previously ruled against Yahoo on the issue, granting National Union’s motion to dismiss. The case eventually made its way to the California Supreme Court on certification from the US Court of Appeals for the Ninth Circuit.
The California Supreme Court explained that the “law of privacy” protects, among other interests, the right to secrecy (i.e., the right to prevent “disclosure of personal information to others”) and the right to seclusion (i.e., the right to be free from “disturbance by others”). The TCPA protects telephone users’ right to seclusion by placing restrictions on automated telephone calls (robocalls) – which has been interpreted to include text messages (robotexts) – and unsolicited facsimile machine advertisements (junk faxes). The parties stipulated that the TCPA does not address disclosures that would violate the right to secrecy. The court found the policy language ambiguous as to whether it covered not only right to secrecy violations but also right to seclusion violations. The court further reasoned that neither the standard rules of contract interpretation nor the rule of the last antecedent resolved the ambiguity. Accordingly, and consistent with California law, the court found a possibility of coverage and thus a potential duty to defend. Specifically, the court directed that the federal district court may recognize such a duty to defend if further litigation demonstrates that coverage for TCPA violations was consistent with Yahoo’s objectively reasonable expectations – or if further litigation does not otherwise resolve the ambiguity.
The court also left open for future litigation whether the policies’ advertising injury exclusion may limit coverage or a duty to defend. Still, the court handed a big win to policyholders by siding with Yahoo, rejecting lower-court precedent holding that TCPA/right to seclusion claims can never be covered under standard CGL insuring clauses and reaffirming that ambiguous policy language must be interpreted in a way that fulfills the insured’s objectively reasonable expectations.
If you have any questions about cyber insurance and privacy class action defense, please reach out to a member of the Cooley insurance and cyber/data/privacy teams.