In Re: iPhone/iPad Application Consumer Privacy Litigation
Filing
8
ORDER Granting Defendants' Motions to Dismiss With Leave to Amend. Signed by Judge Koh on 9/20/2011. (lhklc3, COURT STAFF) (Filed on 9/20/2011)
1
2
3
4
5
6
7
8
9
United States District Court
For the Northern District of California
10
UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA
SAN JOSE DIVISION
11
12
13
14
15
16
IN RE IPHONE APPLICATION LITIG.
)
)
)
)
)
)
)
)
)
Case No.: 11-MD-02250-LHK
ORDER GRANTING DEFENDANTS’
MOTIONS TO DISMISS FOR LACK OF
ARTICLE III STANDING WITH LEAVE
TO AMEND
A putative nationwide class of plaintiffs bring suit against Apple, Inc., Admob, Inc., Flurry,
17
Inc., Mobclix, Pinch Media, Inc., Trafficmarketplace.com, Inc., Mellenial Media, AdMarval, Inc.,
18
and Quattro Wireless Inc. (aside from Apple, collectively “Mobile Industry Defendants”) for
19
alleged violations of federal and state law. Plaintiffs are United States’ residents who use mobile
20
devices manufacture by Apple that operate Apple’s “iOS” proprietary operating systems, or what
21
Plaintiffs refer to as iDevices (e.g., iPhone, iPad, and iPod Touch). Plaintiffs claim that Defendants
22
violated their privacy rights by unlawfully allowing third party applications (“apps”) that run on the
23
iDevices to collect and make use of, for commercial purposes, personal information without user
24
consent or knowledge. Apple and the Mobile Industry Defendants have each filed motions to
25
dismiss on various grounds, including lack of Article III standing, consent to privacy agreements,
26
failure to join necessary and indispensible parties (i.e., the apps), and additional claim-specific
27
reasons. The Court held a hearing on these motions on September 8, 2011. For the reasons
28
explained below, the Court GRANTS Defendants’ motions to dismiss on the ground that Plaintiffs
1
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
have failed to allege sufficient facts establishing Article III standing. Plaintiffs are given leave to
2
amend to cure the deficiencies identified below.
3
I. BACKGROUND
4
Plaintiffs in these consolidated actions (“In Re iPhone Application Litigation”) allege that
Defendants have committed, and are continuing to commit, privacy violations by illegally
6
collecting, using, and distributing iPhone, iPad, and App Store users’ personal information. See
7
generally First Consolidated Class Action Complaint (“Consolidated Complaint”) [dkt. #71]. The
8
first two of these consolidated actions were filed on December 23, 2010. See Lalo v. Apple, Inc.,
9
et al., 10-cv-05878-LHK (the “Lalo Action”) and Freeman v. Apple, Inc., et al., 10-cv05881-LHK
10
United States District Court
For the Northern District of California
5
(the “Freeman Action”). Other actions in this District and throughout the country have followed.1
11
These other actions, filed throughout the country, involve substantially similar allegations against
12
Apple and other Defendants. On August 25, 2011, the Judicial Panel on Multidistrict Litigation
13
(“MDL Panel”) issued a Transfer Order, centralizing these actions in the Northern District of
14
California before the undersigned. See August 25, 2011 Transfer Order in MDL No. 2250 [dkt.
15
#1].
16
Unless otherwise noted, the following allegations are taken from the Consolidated
17
Complaint and are presumed to be true for purposes of ruling upon Defendants’ motions to dismiss.
18
To date, nearly 200 million iDevices have been sold worldwide. Consol. Compl. ¶ 27. Since
19
launching its mobile device business, Apple has sought to “completely control the user
20
experience.” Id. at ¶ 26. The iDevices enable users to download apps only via Apple’s “App
21
Store” application and website. Id. at ¶ 34. There is no dispute that signing up for the App Store is
22
free. Apple represents to users of the App Store that it “takes precautions – including
23
administrative, technical, and physical measures – to safeguard your personal information against
24
25
1
26
27
28
The other, currently consolidated actions are: Chiu v. Apple, Inc., 11-cv-00407-LHK
(filed on January 27, 2011) and Rodimer v. Apple, Inc., et al., 11-cv-00700-LHK (filed on
February 15, 2011). Three other actions have recently been related to the In Re iPhone Application
Litigation: Gupta v. Apple, Inc., 11-cv-02110-LHK (filed on April 28, 2011); Velez-Colon v.
Apple, Inc., 11-cv-02270-LHK (filed on May 9, 2011); and Normand v. Apple, Inc., 11-cv-02317LHK (filed on May 10, 2011).
2
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
theft, loss, and misuse, as well as against unauthorized access, disclosure, alteration, and
2
destruction.” Id. at ¶ 36.
3
There are several hundred thousand apps available from the App Store created by third
4
party developers. Id. at ¶ 39. Some are free of charge, while others are sold for a fee. Apple
5
exercises tight control over the types of apps it allows into the App Store, and whether an app is
6
allowed to be sold in the App Store is completely within Apple’s discretion. Id. at ¶ 41. Even after
7
the user downloads an approved app from the App Store, Apple maintains control by requiring that
8
the “end-user-license-agreement,” or EULA, have a clause giving Apple the third-party beneficiary
9
right to enforce the EULA against the end-user. Id. at ¶ 43.
United States District Court
For the Northern District of California
10
Plaintiffs allege that, despite Apple’s public statements about protecting user privacy,
11
Apple’s privacy practices and design of the iOS system “permit apps that subject consumers to
12
privacy exploits and security vulnerabilities.” Id. at ¶ 56. For example, Apple’s design of the
13
iDevices allow apps, without consent of the users, to access, use, and track the following
14
information: address book, cell phone numbers, file system, geolocation, International Mobile
15
Subscriber Identity (IMSI), keyboard cache, photographs, SIM card serial number, and unique
16
device identifier (UDID). Id. at ¶ 58. Moreover, nothing in Apple’s “click-through agreement” for
17
the App Store would put a reasonable consumer on notice that the iDevice and apps allow users to
18
be tracked and have their personal information accessed.
19
Plaintiffs further allege that the Mobile Industry Defendants “exploit” this access to
20
consumer data by using code to access personal information on the iDevices without the user’s
21
permission or knowledge. Id. at ¶ 63. The Mobile Industry Defendants are thus able to learn
22
“highly personal details.” Prior to Apple’s January 2010 purchase of Defendant Quattro Wireless,
23
Apple removed several apps from the App Store over concerns regarding privacy violations in
24
which the apps would collect and track personal data without authorization. Id. at ¶ 65. Despite
25
criticism, Apple has taken no steps to fix the continuing privacy violations. As a result, the Mobile
26
Industry Defendants continue to have the ability to access and track personal information of
27
consumers. Id. at ¶ 67. Although this personal information is not necessary to the functioning of
28
3
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
the apps, the Mobile Industry Defendants are able to use the personal information for advertising
2
and analytics purposes. Id. at ¶ 69.
3
Plaintiffs consider the information found, and allegedly accessed and tracked, on the
4
iDevices to be personal and private information. Id. at ¶ 74. Plaintiffs allege that the Mobile
5
Industry Defendants (but not Apple) “exceeded the scope of any authorization” that could have
6
been granted by Plaintiffs at the time of downloading and using apps. Id. at ¶ 78. Moreover, the
7
Mobile Industry Defendants “use the merger of personal information to effectively or actually de-
8
anonymize consumers.” Id. at ¶ 81. Accordingly, the Mobile Industry Defendants
9
“misappropriated” Plaintiffs’ personal information. Id. at ¶ 84.
United States District Court
For the Northern District of California
10
For strategic or other purposes, Plaintiffs have not named any app developers as Defendants
11
in the Consolidated Complaint. Plaintiffs have represented to the Court that Plaintiffs worked out
12
tolling agreements with some of the app developers sued in the original Complaint, and may bring
13
the app developers back into the action if necessary.
14
The Consolidated Complaint contains eight claims: (1) Negligence against Apple only; (2)
15
Violation of Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030; (3) Computer Crime
16
Law, Cal. Penal Code § 502; (4) Trespass on Chattel; (5) Consumer Legal Remedies Act
17
(“CLRA”), Cal. Civ. Code § 1750 against Apple only; (6) Unfair Competition under Cal. Bus. &
18
Prof. Code § 17200; (7) Breach of Covenant of Good Faith and Fair Dealing; and (8) Unjust
19
Enrichment.
20
II. ANALYSIS
21
Apple and the Mobile Industry Defendants have each filed motions to dismiss. Defendants
22
essentially make five arguments. First, all Defendants argue that Plaintiffs lack Article III standing
23
because Plaintiffs do not allege an injury in fact or a causal connection between Defendants (as
24
opposed to the app developers) and Plaintiffs’ purported injury. Second, Apple alleges that its
25
privacy agreements with customers, including Plaintiffs, bar Plaintiffs’ claims. Third, the Mobile
26
Industry Defendants allege that Plaintiffs’ allegations against them are insufficient under Rule 8 as
27
vague, conclusory and undifferentiated. Fourth, all Defendants argue that joinder of the app
28
developers is necessary for a complete resolution of this action, but is not feasible in light of the
4
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
number (potentially tens of thousands) of app developers involved. Finally, Defendants argue that
2
each of Plaintiffs’ eight claims for relief is deficient for some claim-specific reason.
3
A. Article III Standing
4
Defendants first argue that Plaintiffs’ allegations do not establish an actual injury or harm
5
for the allegedly unauthorized collection or tracking of their personal information or that Apple has
6
a duty to prevent third party app developers from collecting or using Plaintiffs’ personal
7
information. An Article III federal court must ask whether a plaintiff has suffered sufficient injury
8
to satisfy the “case or controversy” requirement of Article III of the U.S. Constitution. To satisfy
9
Article III, a plaintiff “must show that (1) it has suffered an ‘injury in fact’ that is (a) concrete and
United States District Court
For the Northern District of California
10
particularized and (b) actual or imminent, not conjectural or hypothetical; (2) the injury is fairly
11
traceable to the challenged action of the defendant; and (3) it is likely, as opposed to merely
12
speculative, that the injury will be redressed by a favorable decision.” Friends of the Earth, Inc. v.
13
Laidlaw Envtl. Sys. (TOC), Inc., 528 U.S. 167, 180-81 (2000).
14
A suit brought by a plaintiff without Article III standing is not a “case or controversy,” and
15
an Article III federal court therefore lacks subject matter jurisdiction over the suit. Steel Co. v.
16
Citizens for a Better Environment, 523 U.S. 83, 101 (1998). In that event, the suit should be
17
dismissed under Rule 12(b)(1). See Steel Co., 523 U.S. at 109-110. The injury required by Article
18
III may exist by virtue of “statutes creating legal rights, the invasion of which creates standing.”
19
See Edwards v. First Am. Corp., 610 F.3d 514, 517 (9th Cir. 2010) (quoting Warth v. Seldin, 422
20
U.S. 490, 500 (1975)). In such cases, the “standing question . . . is whether the constitutional or
21
statutory provision on which the claim rests properly can be understood as granting persons in the
22
plaintiff’s position a right to judicial relief.” Id. (quoting Warth, 422 U.S. at 500)).
23
1. Injury in Fact
24
At least one named plaintiff must have suffered injury an injury in fact. See Lierboe v.
25
State Farm Mut. Auto. Ins. Co., 350 F.3d 1018, 1022 (9th Cir. 2003) (“[I]f none of the named
26
plaintiffs purporting to represent a class establishes the requisite of a case or controversy with the
27
defendants, none may seek relief on behalf of himself or any other member of the class.”). Apple
28
and the Mobile Industry Defendants argue that Named Plaintiffs have failed to allege concrete,
5
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
particularized injuries in fact to themselves, as opposed to “consumers” in general, and that the
2
tracking or disclosure of personal information does not establish an “economic loss” sufficient to
3
find an injury in fact. Plaintiffs respond that the Consolidated Complaint alleges at least three
4
types of injury in fact: (1) misappropriation or misuse of personal information; (2) diminution in
5
value of the personal information, which is an “asset of economic value” due to its scarcity; and (3)
6
“lost opportunity costs” in having installed the apps, and diminution in value of the iDevices
7
because they are “less secure” and “less valuable” in light of the privacy concerns.
8
9
The Court does not take lightly Plaintiffs’ allegations of privacy violations. However, for
purposes of the standing analysis under Article III, Plaintiffs’ current allegations are clearly
United States District Court
For the Northern District of California
10
insufficient. First, Defendants are correct. Despite a lengthy Consolidated Complaint, Plaintiffs do
11
not allege injury in fact to themselves. This failure alone is sufficient reason to dismiss the
12
Consolidated Complaint. See Birdsong v. Apple, Inc., 590 F.3d 955, 960-61 (9th Cir. 2009) (“The
13
plaintiffs have not shown the requisite injury to themselves and therefore lack standing” under
14
Article III.) In Birdsong, the Ninth Circuit considered allegations that use of an Apple iPod, which
15
has the capability to produce sound as loud as 120 decibels, created a risk of hearing loss.
16
However, the Ninth Circuit ruled:
17
The plaintiffs do not claim that they suffered or imminently will suffer hearing loss from
their iPod use. The plaintiffs do not even claim that they used their iPods in a way that
exposed them to the alleged risk of hearing loss. At most, the plaintiffs plead a potential
risk of hearing loss not to themselves, but to other unidentified iPod users who might
choose to use their iPods in an unsafe manner. The risk of injury the plaintiffs allege is not
concrete and particularized as to themselves.
18
19
20
Id.
21
The same reasoning applies to Plaintiffs’ allegations here. In the Consolidated Complaint,
22
Plaintiffs do not identify what iDevices they used, do not identify which Defendant (if any)
23
accessed or tracked their personal information, do not identify which apps they downloaded that
24
access/track their personal information, and do not identify what harm (if any) resulted from the
25
access or tracking of their personal information. The allegations are especially slim with respect to
26
Defendant Apple. The Consolidated Complaint only alleges that the Mobile Industry Defendants
27
(without differentiation) tracked and accessed personal information for commercial and marketing
28
6
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
purposes. See, e.g., Consol. Compl. at ¶¶ 77-78, 83-84 (alleging misappropriation of personal
2
information and unauthorized access to personal information by Mobile Industry Defendants, but
3
not Apple).
4
Plaintiffs’ current allegations suffer from another deficiency. Plaintiffs have not identified
5
a concrete harm from the alleged collection and tracking of their personal information sufficient to
6
create injury in fact. Although not binding, a recent case from the Central District of California is
7
instructive. See Genevive La Court v. Specific Media, Case No. SACV-10-1256-JW, 2011 U.S.
8
Dist. LEXIS 50543 (C.D. Cal. Apr. 28, 2011). In Specific Media, plaintiffs accused an online third
9
party ad network, Specific Media, of installing “cookies” on their computers to circumvent user
United States District Court
For the Northern District of California
10
privacy controls and to track internet use without user knowledge or consent. The court, however,
11
held that plaintiffs lacked Article III standing because: (1) they had not alleged that any named
12
plaintiff was actually harmed by defendant’s alleged conduct; and (2) they had not alleged any
13
“particularized example” of economic injury or harm to their computers, but instead offered only
14
abstract concepts, such as “opportunity costs,” “value-for-value exchanges,” “consumer choice,”
15
and “diminished performance.” Id. at *7-13. Other cases have held the same. See In re
16
Doubleclick, Inc., Privacy Litig., 154 F. Supp. 2d 497, 525 (S.D.N.Y. 2001) (“cookies” case,
17
holding that unauthorized collection of personal information by a third-party is not “economic
18
loss”); see also In re JetBlue Airways Corp., Privacy Litig., 379 F. Supp. 2d 299, 327 (E.D.N.Y.
19
2005) (airline’s disclosure of passenger data to third party in violation of airline’s privacy policy
20
had no compensable value). The same is true here: Plaintiffs have not yet articulated a “coherent
21
and factually supported theory” of injury. Plaintiffs have stated general allegations about the
22
Mobile Industry Defendants, the market for apps, and similar abstract concepts (e.g., lost
23
opportunity costs, value-for-value exchanges), but Plaintiffs have not identified an actual injury to
24
themselves sufficient for Article III standing.
25
Plaintiffs cite two cases that are supposedly to the contrary. However, both cases are
26
distinguishable. In Doe 1 v. AOL LLC, the court was “persuaded that Plaintiffs’ allegations are
27
sufficient to demonstrate standing for purposes of seeking injunctive relief. The Complaint alleges
28
that AOL engages in a practice and policy of storing search queries containing confidential
7
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
information, and that it has taken no steps to ensure that such information is not disclosed again in
2
the future.” See Doe 1 v. AOL LLC, 719 F. Supp. 2d 1102, 1109 (N.D. Cal. 2010) (finding Article
3
III standing requirements for the purposes of injunctive relief are met when Plaintiffs’ alleged that
4
AOL continued to publicly disclose Plaintiffs’ highly sensitive personal information). The
5
information publicly disclosed included credit card numbers, social security numbers, financial
6
account numbers, and information regarding AOL members’ personal issues, including sexuality,
7
mental illness, alcoholism, incest, rape, and domestic violence. Id. at 1111. Plaintiffs’ current
8
allegations here come nowhere close to the specific allegations of public disclosure on the Internet
9
of highly sensitive personal information in AOL. Nor do Plaintiffs identify any active role on the
United States District Court
For the Northern District of California
10
11
part of Defendants in disclosing to the public such highly sensitive personal information.
Plaintiffs also cite In re Facebook Privacy Litig., Case No. 10-02839-JW, 2011 U.S. Dist.
12
LEXIS 60604 (N.D. Cal. May 12, 2011), as a case supporting their argument for standing. Not so.
13
In the Facebook Privacy Litigation, the court held that plaintiffs had standing under the Wiretap
14
Act. See id. at *13-14 (“the Court finds that Plaintiffs allege a violation of their statutory rights
15
under the Wiretap Act, 18 U.S.C. §§ 2510, et seq. The Wiretap Act provides that any person
16
whose electronic communication is ‘intercepted, disclosed, or intentionally used’ in violation of the
17
Act may in a civil action recover from the entity which engaged in that violation. 18 U.S.C.
18
§ 2520(a). Thus, the Court finds that Plaintiffs have alleged facts sufficient to establish that they
19
have suffered the injury required for standing under Article III.”). In the instant action, however,
20
Plaintiffs have not made a claim under the Wiretap Act. Moreover, statutory standing under the
21
Wiretap Act does not require a separate showing of injury, but merely provides that any person
22
whose electronic communication is “intercepted, disclosed, or intentionally used” in violation of
23
the Act may in a civil action recover from the entity which engaged in that violation. See 18
24
U.S.C. § 2520(a). Plaintiffs, in the instant case, do not allege a violation of an analogous statute
25
which does not require a showing of injury.
26
27
In sum, as in Specific Media, “[i]t is not obvious that Plaintiffs cannot articulate some
actual or imminent injury in fact. It is just that at this point they haven’t offered a coherent and
28
8
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
factually supported theory of what that injury might be.” See Specific Media, 2011 U.S. Dist.
2
LEXIS 50543 at *15.
3
4
2. Causation: Fairly Traceable to Defendants’ Actions
Plaintiffs have also failed to allege any injury fairly traceable to Apple or to the Mobile
Industry Defendants. In fact, Plaintiffs fail to differentiate among the eight Mobile Industry
6
Defendants making it impossible to decipher, based on the current allegations, any causal chain.
7
First, as noted above, there is no allegation that Apple misappropriated data, so there is no nexus
8
between the alleged harm and Apple’s conduct. Plaintiffs’ only allegation is that Apple “designed”
9
a platform in which Mobile Industry Defendants and absent app developers could possibly engage
10
United States District Court
For the Northern District of California
5
in harmful acts (Consol. Comp., ¶¶ 58, 61, 67), or that Apple’s platform caused “users’ iDevices to
11
be able to maintain, synchronize, and retain detailed, unencrypted location history files.” Id. at ¶¶
12
125, 140. These “conjectural” or speculative allegations about the risk of harm do not suffice for
13
purposes of Article III Standing. See Birdsong, 590 F.3d at 961 (rejecting argument for standing
14
because “the conjectural and hypothetical nature of the alleged injury as the plaintiffs merely assert
15
that some iPods have the ‘capability’ of producing unsafe levels of sound and that consumers
16
‘may’ listen to their iPods at unsafe levels combined with an ‘ability’ to listen for long periods of
17
time.”); compare Hepting v. AT&T Corp., 439 F. Supp. 2d 974 1001 (N.D. Cal. 2006) (finding that
18
plaintiffs had standing where the allegations were that AT&T actively partnered to intercept and
19
monitor customer phone lines).
20
The Court, thus, grants Defendants’ motion to dismiss for lack of standing with leave to
21
amend. Plaintiffs are on notice, however, that any amended complaint must provide specific
22
allegations with respect to the causal connection between the exact harm alleged (whatever it is)
23
and each Defendants’ conduct or role in that harm.
24
B. Defendants’ Alternative Arguments
25
In light of the Plaintiffs’ failure to allege facts sufficient to support Article III standing, a
26
lengthy analysis of Defendants’ other arguments is unnecessary at this time. Nonetheless, the
27
Court notes additional deficiencies in the allegations in the event that Plaintiffs choose to file an
28
amended complaint.
9
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
2
1. Privacy Agreements
The Court may consider agreements between the Plaintiffs and Apple under the
3
incorporation by reference doctrine on a motion to dismiss. See, e.g., Rubio v. Capital One Bank,
4
613 F.3d 1195, 1199 (9th Cir. 2010) (reviewing disclosure agreements in a TILA action); In re
5
Gilead Scis. Sec. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008).
6
Apple argues that all Plaintiffs’ injuries are alleged to arise from the Plaintiffs’ use of third-
7
party apps on their iDevices. Since Apple’s “click-through” agreements with Plaintiffs govern any
8
potential liability for third-party apps that Plaintiffs use on their iOS Devices, Apple argues that the
9
express terms and conditions of those agreements bar claims for the alleged injuries. For example,
United States District Court
For the Northern District of California
10
Plaintiffs’ claims against Apple for Mobile Industry Defendants’ receipt and use of device
11
information through the operation of apps are barred by “App Store Terms of Service.” See Decl.
12
of James F. McCabe (“McCabe Decl.”), Exh. F, “License of Mac App Store and App Store
13
Products”, at p.12) (“The Application Provider of each Third-Party Product is solely responsible
14
for that Third-Party Product.”). In addition, Apple argues that Plaintiffs’ claims against Apple for
15
the design of iOS are barred by the iOS Software License Agreements (“User SLAs”). See
16
McCabe Decl., Exh. A, B, C, D, and F) (e.g., Exh. F, “Disclaimer of Warranties; Liability
17
Limitations”, at p.11, “YOUR SUBMISSION OF SUCH INFORMATION IS AT YOUR SOLE
18
RISK”).
19
Plaintiffs respond that the App Store “Terms of Service” agreement amounts to an unlawful
20
“contract of adhesion.” A court may deem a contract provision unconscionable, and therefore
21
unenforceable, only if it is both procedurally and substantively unconscionable. See Armendariz v.
22
Foundation Health Psychcare Services, Inc., 24 Cal. 4th 83, 114 (Cal. 2000). “The procedural
23
element of unconscionability focuses on two factors: oppression and surprise. ‘Oppression’ arises
24
from an inequality of bargaining power which results in no real negotiation and “an absence of
25
meaningful choice. ‘Surprise’ involves the extent to which the supposedly agreed-upon terms of
26
the bargain are hidden in a prolix printed form drafted by the party seeking to enforce the disputed
27
terms. The substantive element of unconscionability focuses on the actual terms of the agreement
28
10
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
and evaluates whether they create ‘overly harsh’ or ‘one-sided’ results as to ‘shock the
2
conscience.’” See Aron v. U-Haul Co. of California, 143 Cal. App. 4th 796, 808 (2006).
3
Here, Plaintiffs have difficulties both with respect to the procedural and substantive element
of unconscionability. Procedurally, “[t]he availability of alternative sources from which to obtain
5
the desired service defeats any claim of oppression, because the consumer has a meaningful
6
choice.” See, e.g., Freeman v. Wal-Mart Stores, Inc., 111 Cal. App. 4th 660, 670 (2003).
7
“Moreover, when the challenged term is in a contract concerning a nonessential recreational
8
activity, the consumer always has the option of simply forgoing the activity.” Belton v. Comcast
9
Cable Holdings, LLC, 151 Cal. App. 4th 1224, 1245 (Cal. App. 1st Dist. 2007). Plaintiffs have
10
United States District Court
For the Northern District of California
4
alternatives to the iDevices. In addition, apps such as “Angry Birds” or “Plants versus Zombies”
11
are nonessential recreational activities.
12
At this point, however, the Court is not prepared to rule that Apple’s privacy agreements
13
establish an absolute bar to Plaintiffs’ claims. In any amended complaint, Plaintiffs must explain
14
why Apple should be held responsible for privacy violations despite Apple’s apparent privacy
15
agreements with customers, including Plaintiffs.
16
2. Rule 8 Pleading: Conclusory Allegations as to Mobile Industry Defendants
17
A complaint may be dismissed for failure to state a claim upon which relief can be granted
18
for one of two reasons: (1) lack of a cognizable legal theory, or (2) insufficient facts under a
19
cognizable legal theory. See Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007); see also
20
Mendiondo v. Centinela Hosp. Med. Ctr., 521 F.3d 1097, 1104 (9th Cir. 2008) (“Dismissal under
21
Rule 12(b)(6) is appropriate only where the complaint lacks a cognizable legal theory or sufficient
22
facts to support a cognizable legal theory.”). A motion to dismiss should be granted if the
23
complaint does not proffer enough facts to state a claim for relief that is plausible on its face. See
24
Twombly, 550 U.S. at 558-59.
25
The Mobile Industry Defendants persuasively argue that, by lumping all eight of them
26
together, Plaintiffs have not stated sufficient facts to state a claim for relief that is plausible against
27
one Defendant. Mobile Industry Defendants are correct. Plaintiffs’ failure to allege what role each
28
Defendant played in the alleged harm makes it exceedingly difficult, if not impossible, for
11
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
individual Defendants to respond to Plaintiffs’ allegations. In any amended complaint, Plaintiffs
2
must identify what action each Defendant took that caused Plaintiffs’ harm, without resort to
3
generalized allegations against Defendants as a whole.
4
5
3. Necessary and Indispensable Parties
Fed. R. Civ. P. 12(b)(7) authorizes this Court to dismiss an action if a plaintiff has failed “to
6
join a party under Rule 19.” Fed. R. Civ. P. 19(a) provides, inter alia, that a person “must be
7
joined as a party” if “in that person’s absence, the court cannot accord complete relief among
8
existing parties.” If that required person cannot be joined, then “the court must determine
9
whether, in equity and good conscience, the action should proceed among the existing parties or
United States District Court
For the Northern District of California
10
should be dismissed.” Fed. R. Civ. P. 19(b). The Rule 19 inquiry is “fact specific,” and the party
11
seeking dismissal has the burden of persuasion. See Makah Indian Tribe v. Verity, 910 F.2d 555,
12
558 (9th Cir. 1990). “In determining whether a party is ‘necessary’ under Rule 19(a), a court must
13
consider whether ‘complete relief’ can be accorded among the existing parties, and whether the
14
absent party has a ‘legally protected interest’ in the subject of the suit.” See Shermoen v. U.S., 982
15
F.2d 1312, 1317 (9th Cir. 1992) (citation omitted). A party is also “necessary” if disposing of the
16
action in the person’s absence may “(i) as a practical matter impair or impede the person’s ability
17
to protect the interest; or (ii) leave an existing party subject to a substantial risk of incurring double,
18
multiple, or otherwise inconsistent obligations because of the interest.” Fed. R. Civ. P. 19(a)(1).
19
Apple contends that the app developers (some of which were formerly in this action as
20
Defendants) are necessary and indispensable parties because they have “legally protected interests”
21
and because “complete relief” cannot be accorded among the existing parties. Without specific
22
allegations of harm and causation, it is not clear whether the app developers are necessary parties
23
to this litigation. However, under Ninth Circuit authority, the app developers do not appear to be
24
necessary parties because they have not claimed a legally protected interest even though they are
25
aware of this action. See United States v. Bowen, 172 F.3d 682, 689 (9th Cir. 1999) (holding that
26
joinder of absent party was unnecessary where the absent party was aware of the action but did not
27
“claim a legally protected interest” in the action). Moreover, as Plaintiffs note, the allegations of
28
privacy violations in the Consolidated Complaint are not related to accessing information that is
12
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
“necessary to the functioning” of the apps. Instead, Plaintiffs allege that the apps and Mobile
2
Industry Defendants are accessing personal information only for their own commercial purposes.
3
On this record, the Court will not dismiss for failure to join necessary and indispensable parties.
4
5
6
7
8
9
4. Claim-Specific Issues
Aside from the deficiencies with respect to standing and pleading, Defendants have also
pointed out deficiencies with each of Plaintiffs’ eight claims.
a. Negligence (pled against Apple Only)
The elements of negligence under California law are: “(a) a legal duty to use due care; (b) a
breach of such legal duty; [and] (c) the breach as the proximate or legal cause of the resulting
United States District Court
For the Northern District of California
10
injury.” Evan F. v. Hughson United Methodist Church, 8 Cal. App. 4th 828, 834 (1992) (italics in
11
original). Defendants rightly argue that Plaintiffs have failed to state a claim of negligence. First,
12
Plaintiffs have not yet adequately pled or identified a legal duty on the part of Apple to protect
13
users’ personal information from third-party app developers. Tort law may not be used to supplant
14
private contractual agreements, and the failure to perform a contractual duty is not a tort, unless
15
that failure involves an independent legal duty. See Applied Equip. Corp. v. Litton Saudi Arabia
16
Ltd., 7 Cal. 4th 503, 514-15 (1994). Moreover, as exhaustively analyzed above, Plaintiffs have
17
failed to allege an “appreciable, nonspeculative, present injury” which is “an essential element of a
18
tort cause of action.” See Aas v. Super. Ct., 24 Cal. 4th 627, 646 (2000). Any amended complaint
19
must remedy these deficiencies.
20
21
b. Breach of Covenant of Good Faith and Fair Dealing
Under California law, every contract contains an implied covenant of good faith and fair
22
dealing. See, e.g., Kransco v. American Empire Surplus Lines Ins. Co., 23 Cal.4th 390, 400 (2000).
23
This implied covenant requires that neither party do anything that will deprive the other of the
24
benefits of the contract. Id. “The implied covenant protects only the parties’ right to receive the
25
benefit of their agreement.” Foley v. Interactive Data Corp, 47 Cal.3d 654, 699, 254 Cal. Rptr.
26
211, 765 P.2d 373.n.39 (1988). Plaintiffs cannot use the implied covenant of good faith and fair
27
dealing to deny to another party specific contract benefits for which such party bargained. See
28
Kinderstart.com, LLC v. Google, Inc., No. C06-2057 JF (RS), 2006 WL 3246596, at *3 (N.D. Cal
13
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
July 13, 2006) (finding no violation of implied covenant where parties’ website agreement
2
disclaimed referral warranties). Although Plaintiffs refer to Apple’s “click-through agreement” for
3
the App Store and Apple’s privacy agreements, Plaintiffs do not actually identify the contract upon
4
which they are relying for their breach of covenant of good faith and fair dealing claim. In
5
addition, Plaintiffs do not identify the “contract’s purposes.” Without identification of the
6
contract’s purposes, the Court cannot determine whether Plaintiffs were deprived of the benefits of
7
the contract at issue. Accordingly, any amended complaint must remedy these deficiencies.
8
c. California Consumer Legal Remedies Act, Cal. Civ. Code § 1770
9
The California Consumer Legal Remedies Act (“CLRA”) prohibits “unfair methods of
United States District Court
For the Northern District of California
10
competition and unfair or deceptive acts or practices.” Cal. Civ. Code § 1770. An action may be
11
brought under the CLRA pursuant to § 1780(a), which provides that “[any] consumer who suffers
12
any damage as a result of the use or employment by any person of a method, act, or practice
13
declared to be unlawful by Section 1770 may bring an action against such person.” Cal. Civ. Code
14
§ 1780(a) (emphasis added). The statute proscribes a variety of conduct, including “[r]epresenting
15
that goods or services have . . . characteristics, . . . benefits, or quantities which they do not have”
16
(Cal. Civ. Code § 1770(a)(5)), or “[r]epresenting that goods or services are of a particular standard,
17
quality, or grade, or that goods are of a particular style or model, if they are of another.” Cal. Civ.
18
Code § 1770(a)(7). The CLRA allows for restitution, injunctive relief, compensatory damage and
19
punitive damages. Cal. Civ. Code, § 1780(a)(1)-(5), (d). A consumer that has suffered “any
20
damage” as a result of a defendant’s violation of the CLRA may present a claim for a violation of
21
its provisions. Cal. Civ. Code § 1780(a).
22
As explained above, at this point, Plaintiffs have not alleged “any damage” as a result of
23
Defendants’ alleged actions. Therefore, Plaintiffs’ CLRA claim necessarily fails. Moreover,
24
Apple alleges that Plaintiffs have failed to state a claim under the CLRA because the CLRA
25
provides civil remedies for specific conduct in the sale of “goods” or “services.” Cal. Civ. Code
26
§ 1770. However, all of Plaintiffs’ allegations against Apple appear to be about software, i.e., the
27
iOS operating system on iDevices. Software is neither a “good” nor a “service” within the
28
meaning of the CLRA. See Ferrington v. McAfee, Case No. 10-CV-01455-LHK, 2010 U.S. Dist.
14
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
LEXIS 106600, at *52-58. Thus, to the extent Plaintiffs’ allegations are based solely on software,
2
Plaintiffs do not have a claim under the CLRA. Plaintiffs must remedy these deficiencies in any
3
amended complaint.
4
d. Computer Fraud and Abuse Act, 28 U.S.C. § 1030
5
The Computer Fraud and Abuse Act (“CFAA”) is a federal statute that creates liability for
6
“knowingly and with intent to defraud, access[ing] a protected computer without authorization, or
7
exceed[ing] authorized access.” 18 U.S.C. § 1030(a)(4). The CFAA specifically prohibits
8
“knowingly caus[ing] the transmission of a program, information, code, or command, and as a
9
result of such conduct, intentionally caus[ing] damage without authorization, to a protected
United States District Court
For the Northern District of California
10
computer.” Id. at § 1030(a)(5)(A)(i). A person who “intentionally accesses a computer without
11
authorization,” accesses a computer without any permission at all, while a person who “exceeds
12
authorized access,” has permission to access the computer, but accesses information on the
13
computer that the person is not entitled to access. See LVRC Holdings LLC v. Brekka, 581 F.3d
14
1127, 1133 (9th Cir. 2009) (quoting and interpreting 18 U.S.C. §§ 1030(a)(2) and (4)).
15
In order to bring a civil action under the CFAA, a plaintiff must also demonstrate that the
16
defendant’s action caused over $5,000 in “economic damages” over a one-year period. Id. at
17
§ 1030(a)(5)(B)(I). A plaintiff may aggregate individual damages over the putative class to meet
18
the damages threshold if the violation can be described as “one act.” See In re Toys R Us, Inc.
19
Privacy Litigation, 2001 WL 34517252, *11 (N.D. Cal. 2001). The term “damage” means “any
20
impairment to the integrity or availability of data, a program, a system, or information.” Id. at §
21
1030(e)(8). Thus, “economic damages” arise only when an individual or firm’s money or property
22
are impaired in value; money or property is lost; or money must be spent to restore or maintain
23
some aspect of a business affected by the alleged violation. See Creative Computing v.
24
Getloaded.com LLC, 386 F.3d 930, 935 (9th Cir. 2004) (“the statutory restriction, ‘limited to
25
economic damages,’ precludes damages for death, personal injury, mental distress, and the like.”).
26
Plaintiffs’ current allegations under their CFAA claim are insufficient for three reasons.
27
First, Plaintiffs have failed to allege that Apple acted “knowingly, with intent to defraud.”
28
Plaintiffs merely allege that Apple has taken “no meaningful steps” to enforce its own privacy
15
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
policy against third party app developers that are able to exploit Apple’s design of the iOS system.
2
Consol. Comp. ¶¶ 66, 71, 73. However, negligent software design cannot serve as a basis for a
3
CFAA claim. See 18 U.S.C. § 1030(g) (“No cause of action may be brought under this subsection
4
for the negligent design or manufacture of computer hardware, computer software, or firmware.”).
5
Second, Plaintiffs have failed to sufficiently allege that Defendants accessed a protected
computer “without authorization” or “exceeded authorized access” to Plaintiffs’ iDevices. See
7
§ 1030(a)(4). Where the software that allegedly harmed the phone was voluntarily downloaded by
8
the user, other courts in this District and elsewhere have reasoned that users would have serious
9
difficulty pleading a CFAA violation. See In re Apple & ATTM Antitrust Litig., 2010 U.S. Dist.
10
United States District Court
For the Northern District of California
6
LEXIS 98270, at *26 (N.D. Cal. July 8, 2010) (“Voluntary installation runs counter to the notion
11
that the alleged act was a trespass and to CFAA’s requirement that the alleged act was ‘without
12
authorization’ as well as the CPC’s requirement that the act was ‘without permission.’”); see also
13
Specific Media, 2011 U.S. Dist. LEXIS 50543, at *18 (on factual allegations similar to those here,
14
noting that “it is unclear whether Specific Media can be said to have ‘intentionally caus[ed]
15
damage’ to Plaintiffs’ computers.”).
16
Third, Plaintiffs have failed to sufficiently allege economic damages to one or more persons
17
during any one-year period aggregating at least $5,000 in value. The Court recognizes that
18
damages and losses under § 1030(e)(8)(A) may be aggregated across victims and over time for a
19
single act. See In re Doubleclick Privacy Litig., 154 F.Supp.2d 497, 523 (S.D.N.Y. 2001). Here,
20
however, there are no allegations as to the amount of economic harm suffered by Plaintiffs, and, at
21
this point at least, insufficient allegations of any economic harm to any Plaintiff. See Specific
22
Media, 2011 U.S. Dist. LEXIS 50543, at *17 (in analysis of CFAA claim, stating “Defendant
23
correctly observes that based on the above discussion regarding standing, Plaintiffs at the very least
24
have failed to plausibly allege that they and the putative class - even in the aggregate - have
25
suffered $5,000 in economic damages in a one year period as a result of Specific Media’s
26
actions.”); see also Bose v. Interclick, Inc., No. 10 Civ. 9183 (DAB), 2011 U.S. Dist. LEXIS
27
93663, at *12-14 (S.D.N.Y. Aug. 17, 2011) (finding that internet advertising company’s collection
28
of personal information through use of “browser cookies” and “flash cookies” without permission
16
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
did not establish the economic injury required by the CFAA). Moreover, even had economic
2
damages been alleged, Plaintiffs have not identified the “single act” of harm by Defendants that
3
would allow the Court to aggregate damages across victims and over time.
4
5
6
7
Plaintiffs must cure these deficiencies in any amended complaint, or risk dismissal of their
CFAA claim with prejudice.
e. Computer Crime Law, Cal. Penal Code § 502
California’s legislature enacted Cal. Penal Code Section 502 (“Section 502), the
8
Comprehensive Computer Data Access and Fraud Act, in order to “expand the degree of protection
9
afforded to individuals, businesses, and governmental agencies from tampering, interference,
United States District Court
For the Northern District of California
10
damage, and unauthorized access to lawfully created computer data and computer systems.” Cal.
11
Penal Code § 502(a). While the term “without permission” is not defined within the language of
12
the statute, the Northern District of California has twice considered the meaning of “without
13
permission” under Section 502 and determined that individuals may only be subjected to liability
14
for acting “without permission” under Section 502 if they “access[ ] or us[e] a computer, computer
15
network, or website in a manner that overcomes technical or code-based barriers.” See Facebook,
16
Inc. v. Power Ventures, Inc., No. C 08-05870-JW, 2010 U.S. Dist. LEXIS 93517, at *35 (N.D. Cal.
17
July 20, 2010) (providing extensive analysis of Section 502); see also In re Facebook Privacy
18
Litig., 2011 U.S. Dist. LEXIS 60604, at *26 (“It is thus impossible, on Plaintiffs’ own allegations,
19
for Defendant to be liable under the subsections of Section 502 which require a defendant to act
20
‘without permission,’ as there were clearly no technical barriers blocking Defendant from
21
accessing its own website.”). In Power Ventures, the court expressly refused to construe “without
22
permission” to include access to a website or computer network that merely violates a term of use,
23
reasoning that “interpreting the statutory phrase ‘without permission’ in a manner that imposes
24
liability for a violation of a term of use or receipt of a cease and desist letter would create a
25
constitutionally untenable situation in which criminal penalties could be meted out on the basis of
26
violating vague or ambiguous terms of use.” See Power Ventures, Inc., 2010 U.S. Dist. LEXIS
27
93517, at *33; see also LVRC Holdings LLC v. Brekka, 581 F.3d 1127, 1130 (9th Cir. 2009)
28
17
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
(“access to a computer may be ‘authorized,’ within the statutory meaning of the term, even if that
2
access violates an agreed upon term of using that computer”).
Plaintiffs broadly allege that Mobile Industry Defendants, but not Apple, gained access to
4
consumers’ data by paying app developers to include surreptitious tracking codes in the program
5
code for apps. Consol. Compl. ¶¶ 63-64. Plaintiffs attempt to distinguish their case from Power
6
Ventures and Facebook Privacy Litigation by arguing that, through the use of specific,
7
surreptitious computer code, Defendants gained access “without ever having Plaintiffs’ permission
8
at all.” However, Plaintiffs have still failed to allege how Defendants can be liable for accessing
9
Plaintiffs’ computers “without permission.” On Plaintiffs’ own allegations, the iOS and third party
10
United States District Court
For the Northern District of California
3
apps—which contain the alleged “surreptitious code”—were all installed or updated voluntarily by
11
Plaintiffs.
12
The Court is not persuaded by Plaintiffs’ further attempt to distinguish their case from
13
Power Ventures and Facebook Privacy Litigation by citing to the single subsection under Cal.
14
Penal Code § 502 that does not appear to require access “without permission” for liability. Section
15
502(c)(8) imposes liability upon any party who “[k]nowingly introduces any computer contaminant
16
into any computer, computer system, or computer network.” Cal. Penal Code § 502(c)(8).
17
Plaintiffs argue that Section 502(c)(8) itself does not include an express requirement that the
18
introduction of a computer contaminant be done “without permission.” However, Section
19
502(c)(10) defines “computer contaminant” as “any set of computer instructions that are designed
20
to modify, damage, destroy, record, or transmit information within a computer, computer system,
21
or computer network without the intent or permission of the owner of the information. They
22
include, but are not limited to, a group of computer instructions commonly called viruses or
23
worms, that are self-replicating or self-propagating and are designed to contaminate other computer
24
programs or computer data, consume computer resources, modify, destroy, record, or transmit data,
25
or in some other fashion usurp the normal operation of the computer, computer system, or
26
computer network.” See Cal. Penal Code § 502(b)(10) (emphasis added). Thus, the very definition
27
of a “computer contaminant” limits liability to conduct that occurs “without the intent or
28
permission of the owner of the information.” Moreover, the section on “computer contaminants”
18
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
appears to be aimed at “viruses or worms,” and other malware that usurps the normal operation of
2
the computer or computer system. Although Plaintiffs’ are given leave to amend to clarify their
3
allegations in an amended complaint, it is not clear to the Court how Section 502(c)(8) applies to
4
the case at hand.
5
6
f. Trespass to Chattels
Under California law, trespass to chattels “lies where an intentional interference with the
7
possession of personal property has proximately caused injury.” Intel Corp. v. Hamidi, 30 Cal. 4th
8
1342, 1350-51 (2003). In cases of interference with possession of personal property not amounting
9
to conversion, “the owner has a cause of action for trespass or case, and may recover only the
United States District Court
For the Northern District of California
10
actual damages suffered by reason of the impairment of the property or the loss of its use.” Id. at
11
1351. “[W]hile a harmless use or touching of personal property may be a technical trespass (see
12
Rest. 2d Torts, § 217), an interference (not amounting to dispossession) is not actionable, under
13
modern California and broader American law, without a showing of harm.” Id. Even where
14
injunctive relief is sought, “the plaintiff must ordinarily show that the defendant’s wrongful acts
15
threaten to cause irreparable injuries, ones that cannot be adequately compensated in damages.”
16
Id. at 1352 (citing 5 Witkin, Cal. Procedure (4th ed. 1997) Pleading, § 782, p. 239.).
17
In Intel Corp. v. Hamidi, the California Supreme Court held that, where there was “no
18
actual or threatened damage to [plaintiff’s] computer hardware or software and no interference with
19
its ordinary and intended operation,” the defendant’s trespass was not actionable. Hamidi, 30 Cal.
20
4th at 1353. Even assuming Plaintiffs’ current allegations establish a trespass, Plaintiffs have not
21
connected that trespass to an identifiable harm or injury. As Hamidi demonstrates, trespass without
22
harm, “by reason of the impairment of the property or the loss of use,” is not actionable. Hamidi,
23
30 Cal. 4th at 1351. Accordingly, Plaintiffs are given leave to amend their claim for trespass to
24
chattels to identify actionably harm or injury.
25
26
g. Unfair Competition Law (“UCL”), Cal. Bus. & Prof. Code §17200
To assert a UCL claim, a private plaintiff needs to have “suffered injury in fact and ... lost
27
money or property as a result of the unfair competition.” See Rubio v. Capital One Bank, 613 F.3d
28
1195, 1203 (9th Cir. 2010). Numerous courts have held that a plaintiff’s “personal information”
19
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
does not constitute money or property under the UCL. For example, the court in Facebook Privacy
2
Litigation rejected the argument that personal information itself “constitutes currency” and is “a
3
form of property,” and thus rejected a UCL claim. See In re Facebook Privacy Litig., 2011 U.S.
4
Dist. LEXIS 60604, at *23, n.10 (citing Ruiz v. Gap, Inc., 540 F. Supp. 2d 1121, 1127 (N.D. Cal.
5
2008) (finding no “authority to support the contention that unauthorized release of personal
6
information constitutes a loss of property.”)); see also Thompson v. Home Depot, Inc., No.
7
07cv1058 IEG, 2007 WL 2746603, at *3 (S.D. Cal. Sept. 18, 2007).
8
9
United States District Court
For the Northern District of California
10
11
12
13
14
As explained above in the section on Article III standing, Plaintiffs have not adequately
alleged any injury, let alone an injury of “lost money or property.” Moreover, as the court in the
Facebook Privacy Litigation recently explained:
a plaintiff who is a consumer of certain services (i.e., who “paid fees” for those services)
may state a claim under certain California consumer protection statutes when a company, in
violation of its own policies, discloses personal information about its consumers to the
public. See AOL, 719 F. Supp. 2d at 1111-13. Here, by contrast, Plaintiffs do not allege
that they paid fees for Defendant’s services. Instead, they allege that they used Defendant’s
services “free of charge.”
See In re Facebook Privacy Litig., 2011 U.S. Dist. LEXIS 60604, *22-23. Here, as in the
15
Facebook Privacy Litigation, there is no dispute that Plaintiffs did not pay for services for the App
16
Store, but instead used it “free of charge.” Of course, Plaintiffs may have paid for the apps they
17
downloaded – although Plaintiffs have not identified which apps they downloaded – but Plaintiffs
18
have not brought suit against the app developers. In any event, although Plaintiffs’ current
19
allegations do not suffice to establish a claim under the UCL, Plaintiffs are given leave to amend.
20
h. Unjust Enrichment
21
As this Court has previously determined, “there is no cause of action for unjust enrichment
22
under California law.” See Ferrington, 2010 U.S. Dist. LEXIS 106600, at *51 (citing Durell v.
23
Sharp Healthcare, 183 Cal. App. 4th 1350, 1370, 108 Cal. Rptr. 3d 682 (Cal. Ct. App. 2010)).
24
However, some courts have held that unjust enrichment is equivalent to restitution, see Dinosaur
25
Dev., Inc. v. White, 216 Cal. App. 3d 1310, 265 Cal. Rptr. 525 (1989), and have allowed litigants to
26
seek unjust enrichment as a remedy. See Durell, 183 Cal. App. 4th at 1370. “[R]estitution may be
27
awarded in lieu of breach of contract damages when the parties had an express contract, but it was
28
20
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
1
procured by fraud or is unenforceable or ineffective for some reason.” See McBride v. Boughton,
2
123 Cal. App. 4th 379, 388 (2004).
3
Plaintiffs concede that unjust enrichment is merely an equitable remedy, and instead request
4
leave to amend their demand for relief. In any amended complaint, Plaintiffs may clarify their
5
demand for relief to include unjust enrichment or restitution.
6
7
III. CONCLUSION
For the reasons explained above, Defendants’ motions to dismiss for lack of Article III
8
standing are GRANTED WITH LEAVE TO AMEND. Any amended complaint must remedy the
9
deficiencies identified above, and must be filed and served within 60 days of this Order.
United States District Court
For the Northern District of California
10
IT IS SO ORDERED.
11
12
Dated: September 20, 2011
_________________________________
LUCY H. KOH
United States District Judge
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
21
Case No.: 11-MD-02250-LHK
ORDER GRANTING MOTIONS TO DISMISS FOR LACK OF ARTICLE III STANDING
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?