Publication
Ninth Circuit Substantially Expands Personal Jurisdiction Over E-Commerce Businesses in Briskin v. Shopify
On April 21, 2025, the United States Court of Appeals for the Ninth Circuit, sitting en banc, issued a decision in Briskin v. Shopify, Inc. substantially broadening the exercise of personal jurisdiction over online businesses under a “purposeful direction” theory. The ruling is a departure from long established precedent limiting the exercise of personal jurisdiction over online businesses to those that engaged in “differential targeting” – expressly aiming their conduct at the forum state, or that had a physical presence in the state. Courts have historically refused to exercise personal jurisdiction over defendants with a passive or generalized national online presence. Central to the analysis, however, was the fact that the case involved the extraction, storage and commercialization of the personal data of the forum’s residents in connection with the transaction at issue without their knowledge or consent.
Case Background
The Plaintiff, Brandon Briskin, was a California resident who brought a putative class action alleging the violation of various state and federal privacy laws as well as a claim for unfair competition against Shopify, a Canadian-based e-commerce platform, and two of its American subsidiaries. Briskin purchased apparel from a Shopify-hosted online vendor via his mobile device. Briskin alleged that, unbeknownst to him, Shopify processed the payment and, in connection with the transaction, surreptitiously embedded tracking cookies on his mobile device that allegedly harvested his detailed personal information (geolocation, IP address and browser identity) which Shopify then allegedly monetized by compiling “consumer profiles” it shared with its merchant partners and other third parties. Briskin alleged these tracking cookies permanently remained on his device and that he had no way of knowing that Shopify was involved in his transaction in any capacity – much less that it had implanted cookies on his device. Indeed, he alleged that even had he reviewed the “Privacy Policy” there was no mention of Shopify or the cookies it was implanting.
Shopify successfully moved to dismiss the lawsuit for lack of personal jurisdiction on the basis that it operated a nationwide platform and did not target or direct any specific conduct towards California. The Ninth Circuit affirmed the district court ruling and held that under existing law, the operation of a nationally accessible platform without differential targeting of the forum state was an insufficient basis for specific personal jurisdiction. The Ninth Circuit reheard the case en banc and reversed. In doing so, the Ninth Circuit expressly overruled prior circuit authority1 that had required a “forum-specific focus” such as “differential targeting.” As such, the result is a new and more expansive view on the application of personal jurisdiction to online businesses.
The Ninth Circuit’s Ruling
The court first discussed the “purposeful direction/purposeful availment” requirement utilizing the Calder effects test2 focusing on the forum in which the actions are felt and whether “something more” was alleged, beyond mere passive nationwide accessibility. The court focused on whether the website operator knows it is dealing with (and profiting from) a forum resident and whether it knows its conduct is likely to cause harm to that resident in the forum at issue. The court found that Shopify had purposely directed its conduct toward California in that it “targeted California consumers to extract, collect, maintain, distribute, and exploit for its own profit, not only the California consumers’ payment information that it diverts to its own servers, but also all of the other personal identifying information that it extracts from the software it permanently installs on their devices without their knowledge or consent.” This satisfied the Calder test in that “each of Shopify’s actions in its regular course of business is an intentional act, which Shopify knows will cause harm to California consumers,” by violating California’s privacy laws. This activity constituted “express aiming” towards California sufficient to support specific personal jurisdiction. In so ruling, the court expressly overruled AMA’s “differential targeting” requirement and held that AMA had misread prior precedent by adding a requirement for “express aiming” that “can be found nowhere in our precedents.”
Second, the court found a sufficient causal nexus between Shopify’s conduct in California and Briskin’s claims, in that the alleged privacy violations related directly to Shopify’s installing tracking software onto unsuspecting Californians’ phones so that it could extract personal data from them, and would tend to cause privacy injuries in California.
Finally, the court concluded that exercising jurisdiction over Shopify in California was reasonable. Shopify had asserted the exercise of jurisdiction would be unfair to the extent it could lead to specific jurisdiction in all 50 states. The court again focused on the nature of the contacts and concluded “[t]hat may be true, but not unfair, if the contacts Shopify makes in all 50 states are like its California contacts.”
Key Takeaways
The decision does not necessarily require a conclusion that an e-commerce business with a nationally accessible platform will be subject to personal jurisdiction in all 50 states. Rather, the Shopify decision seemed focused on two distinct aspects of Shopify’s conduct that may not be present in other circumstances. First, the surreptitious nature of the activity and Shopify’s role in it. The “Privacy Policy” at issue made no reference to Shopify’s role in the transaction, the permanent implantation of the cookie on the consumer’s device, or the planned monetization of the consumer’s information. Second, the implanted cookie informed Shopify of the consumer’s location in California. Thus, the harvesting and monetization of the consumer’s information was a knowing violation of California’s privacy laws.
Footnotes
-
The opinion expressly overruled AMA Multimedia, LLC v. Wanat, 970 F.3d 1201 (9th Cir. 2020).
-
Calder v. Jones, 465 U.S. 783 (1984).
About Snell & Wilmer
Founded in 1938, Snell & Wilmer is a full-service business law firm with more than 500 attorneys practicing in 17 locations throughout the United States and in Mexico, including Los Angeles, Orange County, Palo Alto and San Diego, California; Phoenix and Tucson, Arizona; Denver, Colorado; Washington, D.C.; Boise, Idaho; Las Vegas and Reno, Nevada; Albuquerque, New Mexico; Portland, Oregon; Dallas, Texas; Salt Lake City, Utah; Seattle, Washington; and Los Cabos, Mexico. The firm represents clients ranging from large, publicly traded corporations to small businesses, individuals and entrepreneurs. For more information, visit swlaw.com.
