Rhode Island has appealed its case against Alphabet Inc. after Judge Jeffrey S. White granted Defendants’ motion to dismiss.
The state originally filed its complaint in 2018 against Alphabet due to a data breach at Google. The Employees’ Retirement System of Rhode Island filed the class action suit after it was disclosed that “Google executives had hidden privacy breaches that compromised the personal information of 52.5 million users.” The state claims that Google was obliged to let users and investors know about the breach. The suit alleges that Google misled shareholders and regulators when the company “failed to disclose ongoing breaches in private user information from its social media platform Google +.” Google has since shut down Google+. Rhode Island alleges that the defendants violated the Securities Exchange Act of 1934.
Rhode Island claimed that the “statements and representation made in the Form 10-Qs filed by Alphabet on April 23, 2018, and July 23, 2018, which incorporated the risk factors in Alphabet’s Form 10-K for 2017 and stated that there were no material changes to those risk factors. Plaintiffs allege that Alphabet’s failure to disclose information about the Google+ bug rendered these statements misleading.” However, Google claimed these forms were valid and not misleading because the bug was identified and fixed before the statements in the forms were made.
Judge White stated in the order dismissing the case that “[t]here is no support for the position that a remediated technological problem which is no longer extant must be disclosed in the company’s future-looking disclosures.” Therefore, Alphabet did not mislead because it did not disclose a fixed bug. Alphabet also claimed that its warnings about its security measures were adequate to ensure an investor would be sufficiently warned about security risks for software that needs data sharing. Alphabet also states that the information the bug made available was not in and of itself sensitive and no user had their information misused. This information included “birth dates, photos, occupations, relationship status, and emails; not inherently sensitive information such as social security numbers, medical records, or bank information.” Alphabet states that the plaintiffs failed to prove this affected their earnings. The court has found that Plaintiffs have not sufficiently pled fact-based accusations to constitute an action and they have not claimed a misrepresentation or omission of material fact and failed to plead scienter with the required particularity. Additionally, the plaintiffs did not show that the court could strongly infer Alphabet’s actions as deliberately reckless. Rhode Island neglected to allege a violation of various sections of the Exchange Act. As a result, Rhode Island’s claims cannot proceed.
Rhode Island’s opening brief is due on July 20 to the Ninth Circuit Court of Appeals.