DOE v. Github (original complaint) Court Filing, retrieved on November 3, 2022 is part of HackerNoon’s Legal PDF Series. You can jump to any part in this filing here. This is part 32 of 37.
COUNT IX
VIOLATION OF THE CALIFORNIA CONSUMER PRIVACY ACT
Cal. Civ. Code § 1798.150
(GitHub and OpenAI)
221. Plaintiffs and the Class hereby repeat and incorporate by reference each preceding and succeeding paragraph as though fully set forth herein.
222. At all relevant times, GitHub and OpenAI were “businesses” under the terms of Cal. Civ. Code § 1798.140(g) of the California Consumer Privacy Act (“CCPA”) as sole proprietorships, partnerships, limited liability companies, corporations, associations, or other legal entities operating in the State of California that collect consumers’ personal information. GitHub and OpenAI either have annual operating revenue above $25 million, collect the personal information of 50,000 or more California residents annually, or derive at least fifty percent of their annual revenue from the sale of personal information of California residents.
223. At all relevant times, Plaintiffs and the Class were “consumers” under the terms of the CCPA as natural persons as defined in Section 17014 of Title 18 of the California Code of Regulations.
224. “Personal Information” is defined in Section 1798.140(o)(1) of the CCPA, which protects consumers’ personal information from collection, use, or sale by businesses without consumers’ notice and consent.
225. GitHub and OpenAI violated the CCPA by using customers’ PII without providing the required notice under the CCPA. GitHub and OpenAI did not notify Plaintiffs nor the Class they were using, distributing, or selling their PII to unauthorized third parties, namely Copilot
users.
226. GitHub and OpenAI also violated the CCPA by failing to provide notice to its customers of their right to opt-out of the disclosure of their PII to unauthorized third parties, namely Copilot users.
227. GitHub and OpenAI also violated the CCPA by incorporating Plaintiffs’ and the Class’s personal information into Copilot with no way to alter or delete. And also with no way to share that personal data with Plaintiffs or the Class upon request.
228. GitHub and OpenAI also violated the CCPA by failing to provide a clear and conspicuous link entitled “Do Not Sell My Personal Information” to a webpage that enables a consumer—or a person authorized by a consumer—to opt out of the sale of Plaintiffs’ and the Class’s personal data through Copilot.
229. By the acts described above, GitHub and OpenAI violated the CCPA by negligently, carelessly, and recklessly collecting, maintaining, and controlling their customers’ sensitive personal information and by engineering, designing, maintaining, and controlling systems that exposed their customers’ sensitive personal information of which GitHub and OpenAI had control and possession to the risk of exposure to unauthorized persons, thereby violating their duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information. GitHub and OpenAI allowed unauthorized users to view, use, manipulate, exfiltrate, and steal the nonencrypted and nonredacted personal information of Plaintiffs and other customers, including their personal and financial information.
Continue Reading Here.
About HackerNoon Legal PDF Series: We bring you the most important technical and insightful public domain court case filings.
This court case 3:22-cv-06823-KAW retrieved on September 5, 2023, from Storage.Courtlistener is part of the public domain. The court-created documents are works of the federal government, and under copyright law, are automatically placed in the public domain and may be shared without legal restriction.