paint-brush
GitHub and OpenAI Accused of Violating the California Consumer Privacy Actby@legalpdf

GitHub and OpenAI Accused of Violating the California Consumer Privacy Act

by Legal PDF: Tech Court CasesSeptember 8th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

GitHub and OpenAI face allegations of violating the California Consumer Privacy Act (CCPA) by using personal information without proper notice, failing to provide opt-out options, and inadequately protecting sensitive data. These violations could result in significant consequences for the companies.
featured image - GitHub and OpenAI Accused of Violating the California Consumer Privacy Act
Legal PDF: Tech Court Cases HackerNoon profile picture

DOE v. Github (original complaint) Court Filing, retrieved on November 3, 2022 is part of HackerNoon’s Legal PDF Series. You can jump to any part in this filing here. This is part 32 of 37.

VIII. CLAIMS FOR RELIEF

COUNT IX

VIOLATION OF THE CALIFORNIA CONSUMER PRIVACY ACT

Cal. Civ. Code § 1798.150

(GitHub and OpenAI)


221. Plaintiffs and the Class hereby repeat and incorporate by reference each preceding and succeeding paragraph as though fully set forth herein.


222. At all relevant times, GitHub and OpenAI were “businesses” under the terms of Cal. Civ. Code § 1798.140(g) of the California Consumer Privacy Act (“CCPA”) as sole proprietorships, partnerships, limited liability companies, corporations, associations, or other legal entities operating in the State of California that collect consumers’ personal information. GitHub and OpenAI either have annual operating revenue above $25 million, collect the personal information of 50,000 or more California residents annually, or derive at least fifty percent of their annual revenue from the sale of personal information of California residents.


223. At all relevant times, Plaintiffs and the Class were “consumers” under the terms of the CCPA as natural persons as defined in Section 17014 of Title 18 of the California Code of Regulations.


224. “Personal Information” is defined in Section 1798.140(o)(1) of the CCPA, which protects consumers’ personal information from collection, use, or sale by businesses without consumers’ notice and consent.


225. GitHub and OpenAI violated the CCPA by using customers’ PII without providing the required notice under the CCPA. GitHub and OpenAI did not notify Plaintiffs nor the Class they were using, distributing, or selling their PII to unauthorized third parties, namely Copilot

users.


226. GitHub and OpenAI also violated the CCPA by failing to provide notice to its customers of their right to opt-out of the disclosure of their PII to unauthorized third parties, namely Copilot users.


227. GitHub and OpenAI also violated the CCPA by incorporating Plaintiffs’ and the Class’s personal information into Copilot with no way to alter or delete. And also with no way to share that personal data with Plaintiffs or the Class upon request.


228. GitHub and OpenAI also violated the CCPA by failing to provide a clear and conspicuous link entitled “Do Not Sell My Personal Information” to a webpage that enables a consumer—or a person authorized by a consumer—to opt out of the sale of Plaintiffs’ and the Class’s personal data through Copilot.


229. By the acts described above, GitHub and OpenAI violated the CCPA by negligently, carelessly, and recklessly collecting, maintaining, and controlling their customers’ sensitive personal information and by engineering, designing, maintaining, and controlling systems that exposed their customers’ sensitive personal information of which GitHub and OpenAI had control and possession to the risk of exposure to unauthorized persons, thereby violating their duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information. GitHub and OpenAI allowed unauthorized users to view, use, manipulate, exfiltrate, and steal the nonencrypted and nonredacted personal information of Plaintiffs and other customers, including their personal and financial information.



Continue Reading Here.


About HackerNoon Legal PDF Series: We bring you the most important technical and insightful public domain court case filings.


This court case 3:22-cv-06823-KAW retrieved on September 5, 2023, from Storage.Courtlistener is part of the public domain. The court-created documents are works of the federal government, and under copyright law, are automatically placed in the public domain and may be shared without legal restriction.