A magistrate judge in the Central District of California recently handed down a blockbuster precedent in the product liability case, Kaupelis v. Harbor Freight Tools USA, Inc. The decision concerns the scope of discovery when dealing with personal information protected under the California Consumer Privacy Act (CCPA). In this case, the judge found that the CCPA does not prohibit the defendants from producing personal information during discovery on consumers who had complained about the product at issue.
A CCPA Refresher
Central to the decision in Kaupelis is the California Consumer Privacy Act (CCPA). This landmark privacy law took effect on January 1, 2020, and granted California consumers several rights concerning the personal information that businesses collect about them. For example, consumers have the right to know what specific types of personal information are collected and the right to opt-out of the collection if the business is selling that information. Consumers also have the right to know whom their information was shared with and the right to direct the company to delete the collected information. All California businesses are subject to the law even if they are not physically present in the state. Small businesses are excepted.
Of course, the CCPA says nothing about its impact on civil discovery. It does state that the regulation will not restrict a business’s ability to comply with federal law. The CCPA also provides that it “shall not restrict a business’ ability to . . . comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by federal, state, or local authorities.”
Kaupelis Case Background
Plaintiffs Will Kaupelis and Frank Ortega filed a class action complaint against Harbor Freight Tools USA for allegedly selling them defective chainsaws. The plaintiffs also claim the company failed to disclose a significant defect in the chainsaw’s power switch in packaging and product descriptions. Both plaintiffs purchased the same 14-inch Portland brand electric chainsaw from Harbor Freight stores located in southern California.
The chainsaw in question, manufactured and sold by Harbor Freight Tools USA, retails under the Portland, One Stop Gardens, and Chicago Electric brand names. The products, however, are identical, sharing the model number 627555. Per the complaint, the plaintiffs explain that the model number 627555 product packaging specifically highlights the “Safety Lock-Out Switch.” This, asserts the plaintiffs, gives the impression that the product was specially designed to prevent unintended or undesired operations.
Kaupelis and Ortego allege that the on/off switch on the chainsaw didn’t work properly. Specifically, they say that the power switch “was prone to malfunction, causing the chainsaw blade to continue operating after the operator moves the power switch to the “off” position.” Per the complaint, a chainsaw that does not turn off when the user switches the power control to “off” is “extraordinarily dangerous” and renders the product “unsuitable for their principal and intended purpose.” They also claim they would not have purchased the chainsaw had they known it was unfit for its intended purpose.
The complaint also cites a May 2018 recall by Harbor Freight for the chainsaw model in question. In the recall, Harbor Freight admitted that this chainsaw had a defect in the design and materials causing it to continue operating after the operator moves the power switch to the “off” position.
On behalf of the proposed class, the plaintiffs claim that Harbor Freight violated California’s Consumers Legal Remedies Act (CLRA), California Civil Code § 1750, et seq., California’s Unfair Competition Law, and the Magnuson-Moss Warranty Act, 15 U.S.C. §§ 2301, et seq. Further, the plaintiffs assert that Harbor Freight committed fraud by omission and breached the chainsaw’s implied warranty.
CCPA’s Role in Kaupelis
In this case, CCPA became relevant when two of the plaintiffs’ interrogatories asked the defendant to provide documentation on who had complained about the chainsaw defect at issue and when. This information was intended to buttress the basis for class certification. The defendant, however, argued that sharing the requested consumer personal information would violate the consumers’ CCPA privacy rights. Magistrate Judge Douglas F. McCormick rejected Harbor Freight’s argument that the CCPA or other privacy laws precluded plaintiffs from getting the discovery they sought. To balance the discovery and privacy rights, McCormick reasoned that a protective order could protect the consumers’ privacy. The court stated that “[n]othing in the CCPA presents a bar to civil discovery. Notably, no other case has so held. And the statute itself explicitly says that it is not a restriction on a business’s ability to comply with federal law.”
Following this ruling, the defendant complained to District Judge James V. Selna that Judge McCormick’s ruling was no longer valid, as Judge Selna had recently certified the class in part. Selna agreed with McCormick on the CCPA issue. He also sent the issue back to McCormick and directed that he evaluate whether his CCPA ruling remains valid post-certification.
During the reconsideration, the defendant argued, among other things, that producing information on non-class members would also violate the CCPA. McCormick again disagreed with the CCPA argument, saying it had already been rejected twice—by himself and Judge Selna. Moreover, the reconsideration was about the validity of the personal information request post-certification of the class. The privacy issue was no longer under review. Judge McCormick ruled that the requested information was relevant to the claims and defenses post-certification and ordered the defendant to respond to the interrogatories.
Looking Ahead at CCPA and Discovery
Litigators have likely not heard the last on these issues balancing CCPA with discovery. Litigants will certainly continue to attempt to avoid the production of personal information using a CCPA argument, though it seems likely that other courts will fall in line with the Kaupelis decision. Protecting the personal information with a protective order will play a key role in these decisions. Courts are hesitant to deny litigants the information they need to assert claims or defenses so they can access their full due process rights.
However, if personal information subject to a protective order is inadvertently disclosed, privacy rights may rise higher up in priority. Most protective orders require careful distribution with agreed-upon confidentiality measures, though this is never a failsafe. The personal information may have already been leaked or distributed, causing the consumer harm. It’s not hard to imagine privacy advocates getting involved in this still-evolving clash of discovery and privacy rights.
