Marriott was back before a federal appeals court hoping to dismantle a district judge’s order that certified a class of hotel guests impacted by its 2018 data breach.
It’s the second go-around for Marriott International Inc., which has been battling class certification in the same case for the past two years. The case is among the few to obtain a class certification order in a data breach lawsuit, most of which settle or get dismissed.
This time, the appeal focuses on a 2023 order that found Marriott could not use the defense of a class action waiver because it argued for the data breach cases to be coordinated into multidistrict litigation. On Nov. 1, during oral arguments, Marriott attorney Matthew Hellman, co-chairman of Jenner & Block’s appellate and Supreme Court practice, told a panel of the U.S. Court of Appeals for the Fourth Circuit, which remanded the case last year, that the order got it wrong.
“We’re back here because the district court once again certified classes that consist entirely of people who agreed they would not pursue class relief,” he said.
In Marriott’s opening brief, Hellman said it was not just his client on the line. The Fourth Circuit, he wrote, would become a “nationwide outlier.”
“That is wrong, and no other court in the country has ever held,” he wrote. “If the district court’s rule is allowed to stand, no defendant in this circuit could ever agree to an MDL without jeopardizing its contract defenses.”
Marriott has some support in its appellate arguments. The U.S. Chamber of Commerce filed an amicus brief insisting that the “unprecedented” Nov. 29 recertification order by U.S. District Judge John Preston Bailey would “have sweeping consequences for courts and parties alike by discouraging participation in MDLs, allowing end-runs around constitutional principles and controlling case law and adding to the immense pressure to settle improper class actions.”
“In the words of Yogi Berra, this case is ‘déjà vu all over again,'” Ashley Parrish, a Washington, D.C., partner at King & Spalding, wrote in the Chamber’s amicus brief. “The district court’s vastly overbroad approach to class certification will lead to immense pressure on businesses to settle even frivolous claims, leaving them with no choice but to pass their litigation and settlement costs onto consumers, resulting in harm to the economy as a whole.”
Samuel Issacharoff, a professor at New York University School of Law representing the plaintiffs, argued that Marriott took three years to invoke a defense based on its class action waiver, whose language, as written, could include multidistrict litigation.
“Marriott has no one to blame but itself for its poorly drafted language,” he argued in the response brief. “And given the importance of the terms of service, Marriott presumably assigned its best attorneys to the task.”
‘Please Don’t Send This Back’
Marriott’s breach impacted 134 million hotel guests in 2018.
The U.S. Judicial Panel on Multidistrict Litigation coordinated dozens of lawsuits into a single proceeding in the District of Maryland, where then-U.S. District Judge Paul Grimm certified various classes totaling 20 million guests in a 2022 order. But Marriott appealed and, last year, the Fourth Circuit remanded the case after concluding that Grimm, prior to certification, should have considered whether the class action waiver applied for guests who were members of Marriott’s Starwood Preferred Guest Program Terms & Conditions.
Grimm retired from the bench, and the U.S. Judicial Panel on Multidistrict Litigation reassigned the Marriott breach litigation to Bailey, of the Northern District of West Virginia. Bailey asked both sides for a briefing on the class action waiver.
In his order, Bailey found that Marriott had waived 5/6 of a provision in the Starwood contract, most of which focused on the choice of law and venue for disputes. The class action waiver says any disputes “will be handled individually without any class action.”
That included any collective handling, not just class actions, such as multidistrict litigation, he wrote. Moreover, he concluded, Marriott asked that the cases be in Maryland, where it has its headquarters, and not New York, the choice of law venue in its contract.
“The reason, and this was what the district court was pointing to, is they hoped to get out of the case quicker and cheaper,” Issacharoff told the panel. “Here, they sought to get joint discovery, many of the benefits of the aggregation that comes with the MDL process, and as Judge Bailey said, when it didn’t pan out for them, they sought to abandon that altogether by invoking the individual treatment.”
But plaintiffs, in filing their class actions, had initially pursued claims under 31 different contracts, Hellman told the panel.
Matthew Hellman, with Jenner & Block. Courtesy photo
“Plaintiffs were insistent on keeping their options open,” he said. “Marriott relinquished nothing, let alone intentionally.”
In a reply brief, he credited the plaintiffs’ position on “buyers’ remorse,” or choosing the class claims that were subject to a waiver.
The Fourth Circuit agreed to take up Marriott’s interlocutory appeal again earlier this year.
Accenture, which provided data security services for Marriott, also is a defendant facing class certification on the liability of alleged negligence claims. Its opening brief argued to reverse the certification order, which left the case against Accenture with “the same glaring procedural and constitutional deficiencies as before.”
“Please don’t send this back, though, and try again,” Accenture attorney Devin Anderson, of Kirkland & Ellis in Washington, D.C., told the panel. “This court needs to provide guidance.”