*1 On June 5, 2020, Defendant GoDaddy.com, LLC (“GoDaddy”) filed a pair of motions: (1) a motion that challenges Plaintiff SiteLock LLC's (“SiteLock”) decision to designate as “Confidential—For Counsel Only” a particular category of documents that SiteLock recently produced during discovery (Doc. 50) and (2) a motion for a 60-day extension of all case management deadlines (Doc. 57). The motions are fully briefed (Docs. 64, 65, 76, 78) and nobody has requested oral argument. For the following reasons, the first motion will be granted and the second motion will be denied without prejudice.

I. Parties And Claims

This action was initiated in April 2019. (Doc. 1.) In the complaint, SiteLock asserts a variety of claims against GoDaddy arising from a “Reseller Agreement” the parties executed in 2013, “under which GoDaddy agreed to market and sell SiteLock's website security services to GoDaddy's customers ... as part of the larger suite of web services offered by GoDaddy.” (Id. ¶ 3.) “When a customer ordered a subscription to SiteLock's services through GoDaddy's platform, the customer had the right to use the purchased SiteLock service for a set period of time.” (Id. ¶ 4.) “[T]he customer paid GoDaddy for the SiteLock service at the time of the order, regardless of whether the customer later activated or used the service.” (Id.)

SiteLock's primary claim is that “GoDaddy ... breach[ed] the Agreement by willfully failing to pay SiteLock for each customer ‘order’ of a SiteLock ‘subscription.’ ” (Id. ¶ 7.) “Instead, GoDaddy paid SiteLock only if a customer ordered a SiteLock subscription and then subsequently activated SiteLock's services.” (Id.) “That is, if a customer ordered a SiteLock subscription through GoDaddy's platform (and therefore paid GoDaddy for it) but did not subsequently activate the services, GoDaddy pocketed the customer's entire payment without paying SiteLock anything.” (Id.) SiteLock also alleges other contractual breaches, one of which—GoDaddy's alleged “deceptive use of SiteLock's name to promote [GoDaddy's] own competing service,” Sucuri—also serves as the basis for Lanham Act and state-law unfair competition claims. (Id. ¶¶ 10-11.)

GoDaddy disputes these allegations. In the parties’ Rule 26(f) report, it summarized its position as follows:

*2 (Doc. 20 at 5-6.) GoDaddy also contends that SiteLock's remaining contractual claims, Lanham Act claim, and state-law claim lack merit. (Id. at 6-7.)

II. Procedural History

On September 9, 2019, the Court issued the Rule 16 scheduling order. (Doc. 22.) Based on the parties’ representation in their Rule 26(f) report that they “do not currently anticipate the need to add additional parties or amend or supplement the pleadings” (Doc. 20 at 3), the Court set a deadline of October 9, 2019 to amend the pleadings. (Doc. 22 at 1.) Additionally, the Court set a deadline of June 1, 2020 for “final supplementation of MIDP responses and the completion of fact discovery.” (Id. at 2.)

On October 3, 2019, at the parties’ request, the Court issued a protective order. (Doc. 25.)

On February 28, 2020, the parties brought a large number of discovery disputes to the Court's attention. (Docs. 32, 33, 34.) Among other things, the parties disputed whether SiteLock should be required to produce its contracts with other third-party resellers (which GoDaddy had requested in its fifth and seventh requests for production).[1] GoDaddy argued these contracts were discoverable for two reasons: (1) they contain “SiteLock's pricing terms with third parties,” which are relevant to SiteLock's alleged damages; and (2) because this case turns on “the interpretation of various contractual terms” in the Reseller Agreement, GoDaddy is “entitled to discovery regarding ... SiteLock's historical use of definitions in relation to—or constructions of—the key words” in other contracts. (Doc. 34 at 2.) SiteLock disagreed, arguing that (1) its contracts with other third-party resellers are not relevant to damages and (2) “[t]hose separate contracts are irrelevant to the parties’ intent in the separate SiteLock-GoDaddy contract.” (Id. at 3.)

On March 5, 2020, the Court held a two-hour hearing in an attempt to resolve the parties’ discovery disputes. (Doc. 36.) During this hearing, it became increasingly apparent that the parties hadn't adequately met and conferred beforehand. The Court even remarked on this failure in the minute entry issued following the hearing. (Id. at 2 [“The Court reminds counsel that they must meet and confer to resolve discovery issues without the Court's intervention....”].)

As for the dispute over SiteLock's contracts with other third-party resellers, the Court noted that, under the law of at least some states, it is permissible for a party in a breach-of-contract action to present evidence that the opposing party, during dealings with third parties, adopted an interpretation of a particular term that is different from the interpretation being pursued in the pending action.[2] Thus, given that “under Rule 26 the test for ... discoverability isn't whether a particular piece of evidence ultimately will be admissible at trial,” and because “some of these other contracts might end up having some relevance for purposes of figuring out what the parties’ subjective intention was at the time they entered into this contract,” the Court concluded that SiteLock's contracts with other third-party resellers were “within the realm of discoverability.” However, the Court only ordered the production of third-party reseller contracts executed in or before July 2016. (See also Doc. 36 at 2 [“GoDaddy's motion to compel is granted as to RFP #5 and RFP #7, for the reasons discussed on the record.”]; Doc. 67 ¶¶ 4-5 [summarizing outcome of hearing].)

*3 On March 31, 2020, GoDaddy filed a motion requesting a two-month extension of all “outstanding deadlines in this matter” in light of the COVID-19 pandemic and the illness of GoDaddy's counsel. (Doc. 37.) Over SiteLock's opposition (Doc. 42), the Court granted the motion. (Doc. 44.) As a result, the deadline for answers to interrogatories and the production of documents was extended to June 22, 2020, and the deadline for the completion of fact discovery was extended to August 3, 2020. (Id.) In contrast, the deadline for amending the pleadings was not extended (because it had already expired). (Id.)

On June 5, 2020, GoDaddy filed the two motions that are now pending before the Court. (Docs. 50, 57.) GoDaddy also requested expedited consideration of those motions. (Doc. 62.)

On June 19, 2020, SiteLock filed an opposition to each motion. (Docs. 64, 65.)

On June 23, 2020, the parties brought a large number of additional discovery disputes to the Court's attention. (Docs. 70, 71, 72, 73.) Those disputes remain unresolved.

On June 24, 2020, the parties filed a stipulation to extend the deadline for responding to interrogatories and requests for production to July 6, 2020. (Doc. 74.) That request was granted. (Doc. 75.)

On June 26, 2020, GoDaddy filed a reply in support of each motion. (Docs. 76, 78.)

III. Challenge To SiteLock's Confidentiality Designation

As noted, during the hearing on March 5, 2020, the Court granted GoDaddy's motion to compel SiteLock to produce the reseller agreements it had executed with third parties in or before July 2016. At the time, GoDaddy argued that the primary reason it needed the agreements was to evaluate whether SiteLock had taken inconsistent positions during dealings with third parties concerning the meaning of the disputed contractual terms in this case (because such inconsistency might help GoDaddy in its defense of the pending claims). SiteLock began producing its third-party reseller agreements to GoDaddy in late March 2020 and made additional productions during April, May, and June 2020. (Doc. 59 ¶ 3; Doc. 67 ¶¶ 7-9.) When producing these documents, SiteLock designated them, under the protective order, as “Confidential—For Counsel Only.” (Doc. 59 ¶ 3.)

GoDaddy argues this designation is overly restrictive and is interfering with its ability to show the documents to members of legal and finance departments. (Docs. 50, 51.) GoDaddy's counsel avers, in a supporting declaration, that she needs to share the documents in this fashion because she has “a good faith basis to believe that GoDaddy may have further affirmative defenses against SiteLock's claims, as well as compulsory counterclaims against SiteLock for breach of contract and/or fraudulent inducement, based on ... [her] review of the Third Party Reseller Agreements” but she “cannot conduct a fulsome investigation of these affirmative defenses and potential counterclaims ... without discussing the Third Party Reseller Agreements with members of GoDaddy's Legal and Finance Departments.” (Doc. 59 ¶¶ 5-6.)

SiteLock opposes GoDaddy's motion, arguing that it and GoDaddy are now competitors in the same market (due to GoDaddy's acquisition of Sucuri), the third-party reseller agreements contain highly sensitive pricing information that GoDaddy/Sucuri could use to obtain a competitive advantage, and GoDaddy refused to explain, during the meet-and-confer process, why the pricing information in those agreements might support new affirmative defenses and counterclaims in this action. (Doc. 65.)[3]

*4 In its reply, GoDaddy accuses SiteLock of misrepresenting the parties’ meet-and-confer discussions and misstating the holdings of certain cases. (Doc. 78.) GoDaddy also faults SiteLock for seeking more information about the nature of its potential new counterclaims and affirmative defenses, arguing that such information constitutes “textbook attorney opinion work product—i.e., counsel's specific mental impressions as to the potential counterclaims available to GoDaddy based on its review of the Third Party Reseller Agreements.” (Id. at 2-3.) On the merits, GoDaddy argues that SiteLock hasn't met its burden of demonstrating that the pricing information contained in the third-party reseller agreements is highly sensitive because (1) all of the agreements are at least four years old, and thus are “likely expired or [have] been re-negotiated,” (2) SiteLock should have already disclosed those pricing terms to GoDaddy pursuant to the “most favored nation” clause in the Reseller Agreement, (3) the declaration that SiteLock submitted in support of its sensitivity concerns was only made “on information and belief,” and the declarant is the subject of fraud allegations in a different lawsuit, (4) SiteLock's decision to file the Reseller Agreement as part of the public docket in this action is inconsistent with the notion that its similar agreements with other parties are highly sensitive, and (5) SiteLock has not consistently safeguarded its pricing information, as evidenced by the fact that it disclosed that information to GoDaddy when negotiating the Reseller Agreement. (Id. at 3-6.) Alternatively, GoDaddy argues that “even if the Third Party Reseller Agreements are entitled to maximum trade secret protection under Ninth Circuit law, the needs of this case still require, at a minimum, that four members of GoDaddy's Legal and Finance Departments be permitted to determine if the terms of those Agreements violate the terms of SiteLock's Reseller Agreement with GoDaddy.” (Id. at 6-11.)

The resolution of GoDaddy's challenge to SiteLock's confidentiality designation ultimately boils down to the burden of proof. SiteLock argues that GoDaddy's motion should be denied because GoDaddy “has refused to disclose” why it believes the third-party reseller contracts might support new counterclaims and affirmative defenses and, “[a]s a result, GoDaddy cannot meet its burden of showing that it should be permitted to disclose all of these sensitive contracts to its in-house personnel.” (Doc. 65 at 2.)

The Court tends to share SiteLock's frustration over GoDaddy's refusal to explain, with any specificity, why the pricing information contained in the agreements might somehow give rise to an entirely new set of claims in this case. GoDaddy stated in the Rule 26(f) report, filed nearly a year ago, that it didn't intend to assert any new counterclaims or affirmative defenses. GoDaddy then stated, during the hearing in March 2020, that it needed the third-party reseller agreements for a specific purpose—to undermine SiteLock's position regarding the proper construction of certain terms in the parties’ contract. Given this backdrop, it is understandable why SiteLock might view GoDaddy's current position with some skepticism.

Nevertheless, GoDaddy's motive for challenging the confidentiality designation is ultimately irrelevant. When, as here, a protective order is entered by stipulation of the parties (i.e., without a good cause finding by the court), and a dispute later arises as to whether certain documents were properly designated as confidential under the protective order, the burden of proof falls onto the party seeking to defend the confidentiality designation. See, e.g., In re Roman Catholic Archbishop of Portland, Or., 661 F.3d 417, 424 (9th Cir. 2011) (“If a party takes steps to release documents subject to a stipulated order, the party opposing disclosure has the burden of establishing that there is good cause to continue the protection of the discovery material.”); Phillips ex rel. Estates of Byrd v. Gen. Motors Corp., 307 F.3d 1206, 1211 n.1 (9th Cir. 2002) (“[T]he burden of proof will remain with the party seeking protection when the protective order was a stipulated order.”) (citation omitted).

Here, the protective order stated that documents could be designated as “Confidential—For Counsel Only” “only if, in the good faith belief of [the designating] party and its Counsel, the information is among that considered to be most sensitive by the party, including but not limited to trade secret or other confidential research, development, financial, customer related data or other commercial information.” (Doc. 25 ¶ 1(b).) The protective order also made clear that, “[a]t any stage of these proceedings, any party may object to a designation of Materials as Confidential Information.” (Id. ¶ 10.) Thus, the burden falls onto SiteLock to justify its decision to designate its third-party reseller agreements as “Confidential—For Counsel Only.”

*5 SiteLock has not met this burden. The sole evidence that SiteLock submits to support its designation is a half-page declaration from its co-founder and chief innovation officer, Neill Feather. (Doc. 66.) In this declaration, Feather states that SiteLock “consider[s] [its] agreements with [third-party] business partners to be among [its] most competitively sensitive documents ... [because they] reflect the structures of [SiteLock's] various economic arrangements with [its] business partners, including the prices [it] charge[s] these partners for [its] services” (id. ¶ 3), that Sucuri, which is owned by GoDaddy, “directly competes with SiteLock for the business of hosting companies” (id. ¶ 4), and that “[i]t would be very damaging to SiteLock's competitive position with Sucuri if GoDaddy's employees had access to SiteLock's full range of agreements with its hosting-company business partners” because “GoDaddy and Sucuri would learn SiteLock's range of relationship and pricing structure across [its] business, and [GoDaddy] could take steps to undercut SiteLock or otherwise attack SiteLock's relationships with key business partners” (id. ¶ 5).

Although these assertions may make sense in the abstract, they fail to account for the specifics of this case. The Court only ordered SiteLock to produce the third-party reseller agreements it executed in or before July 2016. Thus, the contracts at issue are at least four years old. The Feather declaration contains no information as to whether the pricing terms in those old contracts remain in effect.[4] This significantly diminishes the Court's concern over the competitive ramifications of disclosing that information to GoDaddy. Additionally, GoDaddy has submitted evidence that, during the parties’ negotiation of the Reseller Agreement in 2013, SiteLock disclosed the prices it was charging a different reseller. (Doc. 56-12.) This undermines the assertion that SiteLock consistently treats its pricing information as highly sensitive. Finally, and in a related vein, the Reseller Agreement contained a “most favored nation” clause under which SiteLock agreed that the prices it was charging GoDaddy were its lowest prices. This further undermines the notion that SiteLock could have reasonably expected that its third-party pricing terms would be off-limits to GoDaddy.

This does not mean that SiteLock's third-party reseller agreements are now fair game for public disclosure. The Court accepts Feather's assertion that, in general, SiteLock's pricing terms and structures constitute sensitive information akin to a trade secret. The Court's narrow ruling is that, under the facts of this case, SiteLock hasn't met its burden of establishing that a “Confidential—For Counsel Only” designation—which is the most restrictive designation available under the protective order and would prevent GoDaddy's counsel from even sharing the documents, in a confidential manner, with other GoDaddy personnel—is appropriate. Thus, SiteLock must re-designate the documents as “Confidential” under the protective order.[5] (Doc. 25 ¶ 1(a) [“Any party may designate information as ‘CONFIDENTIAL’ only if, in the good faith belief of such party and its Counsel, the unrestricted disclosure of such information could be harmful to the business or operations of such party.”].)[6]

IV. Extension Request

*6 In addition to challenging SiteLock's confidentiality designation, GoDaddy filed a related motion for a 60-day extension of all case management deadlines. (Doc. 57, 58.) GoDaddy argues that it needs more time to investigate its potential new affirmative defenses and counterclaims, that it has been diligent in pursuing those affirmative defenses and counterclaims (because it only discovered their potential viability after receiving the third-party reseller agreements), that good cause exists and is amplified by the compulsory nature of the counterclaims it is investigating, and that denying relief would lead to inefficiency and the duplication of effort (because, inter alia, many depositions are currently scheduled for July 2020 and some of those witnesses would need to be re-deposed if it subsequently obtained permission to assert new affirmative defenses and counterclaims). (Id.)

SiteLock opposes this extension request, arguing that GoDaddy failed to adequately meet-and-confer before filing its motion, that GoDaddy hasn't been diligent (because it received the third-party reseller agreements in March 2020 but didn't seek relief until June 2020), that GoDaddy cannot demonstrate good cause (because it hasn't explained with precision why the third-party reseller agreements might support additional affirmative defenses and counterclaims), and that an extension would be prejudicial because GoDaddy's current request is part of a larger pattern of “delay-after-delay [that] illustrates its strategy of attrition.” (Doc. 64.)

GoDaddy's motion will be denied without prejudice. At bottom, GoDaddy is seeking to extend an array of case management deadlines based on the possibility that it may, in the future, determine that it wishes to assert new counterclaims and affirmative defenses. This request strikes the Court as premature. GoDaddy very well may determine, after sharing the third-party reseller agreements with its legal and business staff, that it doesn't have a basis for asserting any new claims. In that scenario, no extension would be needed.

Moreover, the deadline for amending the pleadings expired a long time ago (October 2019), so it is not a fait accompli that GoDaddy would be allowed to assert new counterclaims and affirmative defenses even if it concluded, following its review of the third-party reseller agreements, that such claims were potentially viable. Instead, GoDaddy would have the burden of demonstrating good cause for failing to comply with the October 2019 amendment deadline, and that inquiry would turn primarily on GoDaddy's diligence.[7] As noted in Part II supra, GoDaddy refuses to explain the nature of its potential new claims. Although this coyness doesn't undermine GoDaddy's ability to challenge SiteLock's confidentiality designation, it does undermine GoDaddy's attempt to obtain a blanket extension of all case management deadlines—without more information about the nature of the potential new claims, the Court has no way of evaluating whether they are claims that GoDaddy should have reasonably anticipated at the start of the case.

Thus, the case management deadlines will remain unchanged for the time being. If, in the future, GoDaddy chooses to seek permission to amend its pleading, it can file an appropriate motion. At that point, the Court will have a concrete, developed record on which to evaluate whether good cause for the amendment (and any associated extension of the case management deadlines) exists.

*7 Accordingly,

IT IS ORDERED that:

(1) GoDaddy's first motion (Doc. 50), which seeks relief pursuant to the protective order, not “from” it, is granted. SiteLock must change the designation of its third-party reseller agreements from “CONFIDENTIAL—FOR COUNSEL ONLY” to “CONFIDENTIAL.”

(2) GoDaddy's second motion (Doc. 57) is denied without prejudice.

(3) SiteLock's motion to seal (Doc. 68) is granted. The Clerk of Court shall file under seal the exhibits at Docs. 54, 55, 56, and 61.