Programmers' Argument in GitHub Lawsuit is Inconsistent

ARGUMENT

I. PLAINTIFFS LACK ARTICLE III STANDING AND THEREFORE SUBJECT MATTER JURISDICTION BECAUSE THEY HAVE NOT ALLEGED ACTUAL OR THREATENED INJURY.

B. Plaintiffs Also Do Not Allege Privacy-Based Injury.

Even as Plaintiffs hypothesize harm from failing to be identified, they also allege their privacy is injured through misuse of their personal identifying information (“PII”). Compl. ¶¶ 225-39. This second and inconsistent theory of injury, like the first, fails to demonstrate any actual or threatened harm because Plaintiffs have alleged no details concerning collection or mishandling of any of their PII. They have not identified the type of information at issue, any specific information of their own, how and from where any Defendant allegedly collected that information, or how that information was mishandled.

Plaintiffs therefore cannot allege a privacy-based injury, like invasion of privacy, loss of control over private information, or disclosure of private information. Cf. TransUnion, 141 S. Ct. at 2204 (identifying types of harms supporting standing). Indeed, any such injury appears implausible based on what is alleged: if Plaintiffs are claiming that their PII was collected from public repositories on GitHub, it is difficult to see how collection of that information could possibly effect a privacy harm. In any event, Plaintiffs’ failure to allege privacy-based injury requires dismissal. E.g., I.C. v. Zynga, Inc., 600 F. Supp. 3d 1034, 1048-50 (N.D. Cal. 2022).