Svenson v. Google, Inc. et al
Filing
118
ORDER DENYING 89 MOTION TO DISMISS FOR LACK OF ARTICLE III STANDING; AND GRANTING IN PART AND DENYING IN PART 89 MOTION TO DISMISS FOR FAILURE TO STATE A CLAIM. Signed by Judge Beth Labson Freeman on 4/1/2015. (blflc1, COURT STAFF) (Filed on 4/1/2015)
<![CDATA[
1
2
3
4
UNITED STATES DISTRICT COURT
5
NORTHERN DISTRICT OF CALIFORNIA
6
SAN JOSE DIVISION
7
8
ALICE SVENSON, individually and on
behalf of all others similarly situated,
Plaintiff,
9
v.
10
United States District Court
Northern District of California
11
12
GOOGLE INC., a Delaware Corporation,
and GOOGLE PAYMENT
CORPORATION, a Delaware Corporation,
Defendants.
13
Case No. 13-cv-04080-BLF
ORDER DENYING MOTION TO
DISMISS FOR LACK OF ARTICLE III
STANDING; AND GRANTING IN PART
AND DENYING IN PART MOTION TO
DISMISS FOR FAILURE TO STATE A
CLAIM
[Re: ECF 89]
14
Plaintiff Alice Svenson (“Svenson”) brings this putative class action to challenge the
15
16
alleged failure of Defendants Google, Inc. and Google Payment Corporation (collectively
17
“Google”) to honor the written privacy policies governing Google’s electronic payment service,
18
Google Wallet (“Wallet”). Google moves to dismiss the operative first amended complaint
19
(“FAC”) under Federal Rule of Civil Procedure 12(b)(1) for lack of Article III standing and under
20
Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim. The Court has considered the
21
briefing and the oral argument presented at the hearing on January 15, 2015. For the reasons
22
discussed below, the motion to dismiss for lack of Article III standing is DENIED and the motion
23
to dismiss for failure to state a claim is GRANTED IN PART AND DENIED IN PART.
24
25
I.
BACKGROUND
Wallet is an electronic payment processing service operated by Google to facilitate
26
purchases of mobile device applications (“Apps”) from the Google Play Store (“Play Store”).
27
FAC ¶¶ 25-26. Wallet is the only method by which Apps may be purchased from the Play Store.
28
Id. ¶ 32. Wallet accounts are governed by the Google Wallet Terms of Service, which incorporate
1
the Google Wallet Privacy Policy, which in turn incorporates the Google Privacy Policy. FAC ¶
2
54 and Exhs. A-C. The Google Wallet Privacy Policy states that Google may share a user’s
3
“personal information” only: (1) as permitted under the Google Privacy Policy; (2) as necessary
4
to process a user’s transaction and maintain a user’s account; or (3) to complete a user’s
5
registration for a service provided by a third party. Google Wallet Privacy Policy at 2, FAC Exh.
6
B, ECF 84-2. Under the Google Privacy Policy, Google may share a user’s “personal
7
information” only: (1) with the user’s consent; (2) with domain administrators; (3) for external
8
processing; and (4) for legal reasons. Google Privacy Policy at 3-4, FAC Exh. C, ECF 84-3.
Svenson alleges that prior to the filing of this lawsuit, Google’s practice was to ignore
10
these restrictions and, whenever a user purchased an App in the Play Store, to share the user’s
11
United States District Court
Northern District of California
9
personal information with the App vendor. FAC ¶ 70-71. Svenson confusingly refers to this
12
personal information as “Packets Contents.” Id. ¶ 71. “Packets Contents” are defined in the FAC
13
as “the data, transmitted in packets sent by Plaintiff and the Class to Defendants, that provide
14
Defendants information necessary to execute the App purchase and does not include packets
15
record information such as control elements (e.g., electronic-addressing information that enables
16
the packets to arrive at their intended destination).” FAC ¶ 9. “Packets Contents” include
17
“personal information about Buyers, including credit card information, purchase authorization,
18
addresses, zip codes, names, phone numbers, email addresses, and/or other information.” Id. ¶ 10.
19
Svenson alleges that Google made “Packets Contents” available to the App vendor after collecting
20
the App purchase price, retaining a thirty percent cut of the purchase price, remitting the
21
remaining portion of the purchase price to the App vendor, and providing the buyer with a receipt.
22
Id. ¶¶ 71, 114. She asserts that Google’s sharing of the “Packets Contents” with the App vendor
23
was not necessary to the App purchases and was not otherwise authorized by the Google Wallet
24
Terms of Service. Id. ¶¶ 72-79. Svenson claims that Google ceased its blanket practice of sharing
25
users’ personal information with App vendors shortly after she filed this lawsuit. Id. ¶ 11.
26
On May 6, 2013, Svenson used Wallet to buy the “SMS MMS to Email” App in the Play
27
Store for $1.77. FAC ¶ 87-88. Google collected the $1.77 by debiting the payment instrument
28
associated with Svenson’s Wallet account. Id. ¶¶ 90-92. Google also made Svenson’s “Packets
2
1
Contents” available to the App vendor, YCDroid. FAC ¶ 90. Because of the way that Svenson
2
defines the term “Packets Contents,” it is unclear exactly what information was shared with
3
YCDroid. The Court understands Svenson to be alleging that Google shared with YCDroid
4
“personal information,” as that term is used in the applicable privacy policies, even though
5
YCDroid did not need the information for the App transaction and sharing the information was not
6
authorized under the privacy policies.
7
Based upon these allegations, Svenson asserts claims on behalf of herself and those
8
similarly situated for: (1) breach of contract, (2) breach of the implied covenant of good faith and
9
fair dealing, (3) violation of the Stored Communications Act, 18 U.S.C. § 2701; (4) violation of
the Stored Communications Act, 18 U.S.C. § 2702; and (5) violation of California’s Unfair
11
United States District Court
Northern District of California
10
Competition Law (“UCL”), California Business and Professions Code § 17200.
12
II.
LEGAL STANDARDS
13
A.
Rule 12(b)(1)
14
A motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(1) raises a
15
challenge to the Court’s subject matter jurisdiction. See Fed. R. Civ. P. 12(b)(1). “Article III . . .
16
gives the federal courts jurisdiction over only cases and controversies.” Public Lands for the
17
People, Inc. v. United States Dep’t of Agric., 697 F.3d 1192, 1195 (9th Cir. 2012) (internal
18
quotation marks and citation omitted). “The oft-cited Lujan v. Defenders of Wildlife case states
19
the three requirements for Article III standing: (1) an injury in fact that (2) is fairly traceable to
20
the challenged conduct and (3) has some likelihood of redressability.” Id. at 1195-96 (citing Lujan
21
v. Defenders of Wildlife, 504 U.S. 555, 560-61 (1992)). If these requirements are not satisfied, the
22
action should be dismissed for lack of subject matter jurisdiction. See Steel Co. v. Citizens for a
23
Better Env’t, 523 U.S. 83, 109-10 (1998).
24
B.
Rule 12(b)(6)
25
“A motion to dismiss under Federal Rule of Civil Procedure 12(b)(6) for failure to state a
26
claim upon which relief can be granted ‘tests the legal sufficiency of a claim.’” Conservation
27
Force v. Salazar, 646 F.3d 1240, 1241-42 (9th Cir. 2011) (quoting Navarro v. Block, 250 F.3d
28
729, 732 (9th Cir. 2001)). When determining whether a claim has been stated, the Court accepts
3
1
as true all well-pled factual allegations and construes them in the light most favorable to the
2
plaintiff. Reese v. BP Exploration (Alaska) Inc., 643 F.3d 681, 690 (9th Cir. 2011). However, the
3
Court need not “accept as true allegations that contradict matters properly subject to judicial
4
notice” or “allegations that are merely conclusory, unwarranted deductions of fact, or
5
unreasonable inferences.” In re Gilead Scis. Sec. Litig., 536 F.3d 1049, 1055 (9th Cir. 2008)
6
(internal quotation marks and citations omitted). While a complaint need not contain detailed
7
factual allegations, it “must contain sufficient factual matter, accepted as true, to ‘state a claim to
8
relief that is plausible on its face.’” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl.
9
Corp. v. Twombly, 550 U.S. 544, 570 (2007)). A claim is facially plausible when it “allows the
10
United States District Court
Northern District of California
11
court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id.
III.
DISCUSSION
12
A.
Subject Matter Jurisdiction
13
Svenson clearly has Article III standing to bring her two claims under the Stored
14
Communications Act. See In re Zynga Privacy Litig., 750 F.3d 1098, 1105 n.5 (9th Cir. 2014)
15
(“Because the plaintiffs allege that Facebook and Zynga are violating statutes that grant persons in
16
the plaintiffs’ position the right to judicial relief, we conclude they have standing to bring this
17
claim.”). However, “Article III standing is [ ] claim- and relief-specific, such that a plaintiff must
18
establish Article III standing for each of her claims and for each form of relief sought.” In re
19
Adobe Sys., Inc. Privacy Litig., --- F. Supp. 2d ----, 2014 WL 4379916, at *10 (N.D. Cal. Sept. 4,
20
2014). Google asserts Svenson has not established Article III standing to bring her state law
21
claims for breach of contract, breach of the implied covenant, and unfair competition.
22
Specifically, Google asserts that she has not alleged that she suffered any cognizable injury in fact
23
that is fairly traceable to Google. As discussed below, Svenson has alleged facts sufficient to state
24
a claim for breach of contract, breach of the implied covenant of good faith and fair dealing, and
25
unfair competition, meaning that she has alleged that she suffered damages (“injury in fact”)
26
resulting from Google’s breach of contract, breach of the implied covenant, and unfair competition
27
(“fairly traceable to the challenged conduct”). See Public Lands for the People, 697 F.3d at 1195-
28
96 (reciting Lujan factors).
4
1
Accordingly, the motion to dismiss for lack of Article III standing is DENIED.
2
B.
3
4
Failure to State a Claim
1.
Claim 1 – Breach of Contract
Claim 1 alleges breach of contract. To succeed on a breach of contract claim under
5
California law, a plaintiff must establish a contract, the plaintiff’s performance or excuse for
6
nonperformance, the defendant’s breach, and resulting damages to the plaintiff. Pyramid Tech.,
7
Inc. v. Hartford Cas. Ins. Co., 752 F.3d 807, 818 (9th Cir. 2014).
8
9
Svenson alleges that Wallet transactions are governed by the Google Wallet Terms of
Service, which incorporate terms of the Google Wallet Privacy Policy, which in turn incorporates
terms of the Google Privacy Policy. FAC ¶ 54 and Exhs. A-C. The privacy policies governing
11
United States District Court
Northern District of California
10
Wallet are set forth in a fairly straightforward manner in those three documents, which are
12
attached to the FAC. Id. However, Svenson does not assert claims based directly upon those
13
documents. Instead, she alleges that separate and distinct “Buyer Contracts” are created each time
14
a user with a Wallet account makes a purchase in the Play Store, and that those “Buyer Contracts”
15
incorporate the then-current version of the Google Wallet Terms of Service. See FAC ¶¶ 34-53.
16
According to Svenson, the “Buyer Contracts” are different from “Customer” contracts entered into
17
by users who merely register for a Wallet account but never make a purchase. See id.
18
Based upon the prior pleading and argument, the Court had understood there to be one
19
contract entered into when a user obtains a Wallet account. While the Court had understood
20
different contract provisions to cover different circumstances – e.g., Wallet being used to purchase
21
Apps versus Wallet lying dormant after initial registration – the Court was under the impression
22
that all those circumstances were addressed in a single contract. However, Svenson now alleges
23
expressly that a new contract is formed each and every time a user purchases an App in the Play
24
Store. See FAC ¶¶ 34-35. Google urges the Court to reject that allegation as implausible in light
25
of Svenson’s allegation in the original complaint that she agreed to the Google Wallet Terms of
26
Service when she registered for Wallet. See Defs.’ Reply at 5 n.2, ECF 95. Google relies upon
27
cases holding that when determining plausibility of allegations in an amended complaint, the
28
Court may consider contradictory allegations made in prior iterations of the complaint. See
5
1
Kennedy v. Wells Fargo Bank, N.A., No. C 11-0675 MMC, 2011 WL 3359785, at *5 (N.D. Cal.
2
Aug. 2, 2011) ; Fasugbe v. Willms, No. CIV 2:10-2320 WBS KNJ, 2011 WL 2119128, at *5 (E.D.
3
Cal. May 26, 2011); Stanislaus Food Prods. Co. v. USS-POSCO Indus., 782 F. Supp. 2d 1059,
4
1075 (E.D. Cal. 2011).
5
Plaintiff does not dispute that some users agree to the Google Wallet Terms of Service
6
when initially registering for Wallet. However, she alleges that even after initially registering for
7
Wallet, users are required to enter into a new and separate “Buyer Contract” in order to complete
8
each subsequent App purchase. FAC ¶ 34-35. According to Svenson, a “Buyer Contract” is not
9
complete until the user making the purchase in the Play Store clicks a button that (1) indicates
consent to the Google Wallet Terms of Service existing at the time of the purchase and (2)
11
United States District Court
Northern District of California
10
authorizes Google to execute the transaction. Id. ¶ 42. It is not clear from the FAC whether
12
Svenson initially registered for Wallet and then later purchased the App or whether she registered
13
for Wallet concurrently with purchasing the App. See id. ¶¶ 87-88. The Court concludes that this
14
lack of clarity makes little difference, as under Svenson’s theory even a user who already has a
15
Wallet account must enter into a new “Buyer Contract” at the time of each subsequent App
16
purchase. Thus the Court does not view Svenson’s current allegations to be irreconcilable with
17
her earlier allegations. Moreover, to the extent that Google disputes the factual accuracy of the
18
current allegations – that a separate “Buyer Contract” is created each and every time a user
19
purchases an App in the Play Store – resolution of that factual dispute is not appropriate on a
20
motion to dismiss. Nothing in this order precludes Google from challenging Svenson’s allegations
21
regarding “Buyer Contracts” in a motion for summary judgment or at another appropriate point in
22
the litigation. However, for pleading purposes, Plaintiff adequately has alleged the existence of a
23
“Buyer Contract” between herself and Google.
24
Svenson alleges that she performed her obligations under the “Buyer Contract” and that
25
Google breached the “Buyer Contract” by sharing her personal information – or “Packets
26
Contents” – with YCDroid when such sharing was not necessary to her App purchase and was not
27
otherwise authorized under the “Buyer Contract.” FAC ¶¶ 139, 149. Those allegations are
28
sufficient to satisfy the second and third elements of a contract claim. Google’s motion turns on
6
1
the fourth element, damages resulting from the breach.
Benefit of the Bargain
3
The FAC articulates two theories of contract damages – benefit of the bargain and
4
diminution in value of Svenson’s personal information.1 Addressing benefit of the bargain first,
5
“[c]ontract damages compensate a plaintiff for its lost expectation interest. This is described as
6
the benefit of the bargain that full performance would have brought.” New West Charter Middle
7
School v. Los Angeles Unified School Dist., 187 Cal. App. 4th 831, 844 (2010). In Chavez v. Blue
8
Sky Natural Beverage Co., 340 Fed. Appx. 359 (9th Cir. 2009), the Ninth Circuit concluded that
9
the plaintiff had made out a benefit of the bargain damages theory where he alleged that he had
10
purchased Blue Sky soda instead of other brands based on representations that Blue Sky was a
11
United States District Court
Northern District of California
2
New Mexico company; Blue Sky was not bottled or produced in New Mexico; he would not have
12
purchased Blue Sky had he known the truth about the product’s geographic origin; and as a result
13
he lost money because he did not receive what he had paid for. Id. at 361.
In her original complaint, Svenson alleged that a portion of the $1.77 App purchase price
14
15
compensated Google for the service of facilitating the App transaction without disclosing her
16
personal information; and that she was denied the benefit of her bargain when Google facilitated
17
the App transaction but disclosed her personal information to the third-party vendor. The Court
18
concluded that those allegations were insufficient to show contract damages, noting among other
19
things that Svenson had not alleged facts showing that any portion of the $1.77 App purchase
20
price was retained by Google, or that the $1.77 App purchase price was intended to pay for
21
anything other than the App, which Svenson received. Order of Aug. 12, 2014 at 7, ECF 83.
22
Svenson now alleges that “Defendants’ payment-processing services provided under Buyer
23
Contracts are not free: Defendants keep a percentage of the purchase price for each App purchase
24
they process.” FAC ¶ 142. She also alleges that “[t]he percentage of the App sales price
25
26
27
28
1
Plaintiff’s original complaint also alleged that Google’s conduct exposed her to increased risk of
identity theft. The Court’s prior order made clear that the Court viewed that theory of contract
damages to be untenable, see Order of Aug. 12, 2014 at 8, ECF 83, and Svenson has not repeated
that theory here in connection with her contract claim, although she does allege increased risk of
identity theft in connection with her unfair competition claim, see FAC ¶¶ 240, 243.
7
1
Defendants retained is the money Defendants earned from Plaintiff’s and Class Members’
2
purchases of Apps under the Buyer Contracts.” Id. ¶ 148.
3
Svenson also has clarified her contract theory as follows: under the “Buyer Contract”
created at the time of her App purchase, the parties were to receive certain benefits: she was to
5
receive a payment processing service that would facilitate her Play Store purchase while keeping
6
her private information confidential in all but specific circumstances under which disclosure was
7
authorized; and Google was to obtain access to her personal information, which had value to
8
Google, and also was to retain a percentage of the App’s purchase price. Id. ¶¶ 142-150. Google
9
did obtain Svenson’s personal information and did retain a percentage of the purchase price of the
10
“SMS MMS to Email” App, but she did not receive the contracted-for privacy protections. Id. ¶¶
11
United States District Court
Northern District of California
4
148, 151-52. Svenson alleges that “[t]he services Plaintiff and Class Members ultimately
12
received in exchange for Defendants’ cut of the App purchase price – payment processing, in
13
which their information was unnecessarily divulged to an unaccountable third party – were worth
14
quantifiably less than the services they agreed to accept, payment processing in which the data
15
they communicated to Defendants would only be divulged under circumstances which never
16
occurred.” Id. ¶ 151. She also alleges that “[h]ad Plaintiff known Defendants would disclose her
17
Packets Contents, she would not have purchased the ‘SMS MMS to Email’ App from
18
Defendants.” Id. ¶ 96. Svenson alleges that the App “is available from numerous other App
19
stores besides Google Play, including AppBrain and App Annie.” Id. ¶ 95. Under the rationale of
20
Chavez, discussed above, the Court concludes that Svenson has alleged facts sufficient to show
21
contract damages under a benefit of the bargain theory.
22
Diminution of Value of Personal Information
23
Svenson also alleges that Google’s conduct in making her personal information available
24
to YCDroid diminished the sales value of that personal information. FAC ¶ 125. As the Court
25
recognized in its prior order, the Ninth Circuit expressly has recognized that this type of allegation
26
may be sufficient to establish the element of damages for a breach of contract claim. See In re
27
Facebook Privacy Litig., 572 Fed. Appx. 494 (9th Cir. 2014). The Court concluded that
28
Svenson’s original complaint did not allege facts sufficient to make out this theory of contract
8
1
damages because it did not allege a market for Svenson’s personal information. Order of Aug. 12,
2
2014 at 8, ECF 83. Svenson now alleges that “[t]here is a robust market for the type of
3
information contained within the Packets Contents,” FAC ¶ 98, and that “[a]s a result of
4
Defendants’ actions, Plaintiff and the Class have been deprived of their ability to sell their own
5
personal data on the market,” Id. ¶ 157.
6
Google asserts that more is required to allege contract damages under a diminution in value
theory, citing district court decisions requiring factual specificity as to how the defendant’s use of
8
the information deprived the plaintiff of the information’s economic value. See Opperman v.
9
Path, Inc., No. 13-cv-00453-JST, 2014 WL 1973378, at *23 (N.D. Cal. May 14, 2014) (“a
10
plaintiff must allege how the defendant’s use of the information deprived the plaintiff of the
11
United States District Court
Northern District of California
7
information’s economic value”); Google, Inc. Privacy Policy Litig., No. C-12-01382-PSG, 2013
12
WL 6248499, at *5 (N.D. Cal. Dec. 3, 2013) (same); Google Android Consumer Privacy Litig.,
13
No. 11-MD-02264-JSW, 2013 WL 1283236, at *4 (N.D. Cal. Mar. 26, 2013) (“Plaintiffs also do
14
not allege they attempted to sell their personal information, that they would do so in the future, or
15
that they were foreclosed from entering into a value for value transaction relating to their PII, as a
16
result of the Google Defendants’ conduct.”). All but one of the cited decisions issued before the
17
Ninth Circuit’s May 2014 Facebook Privacy Litig. decision. Opperman, which issued six days
18
after Facebook Privacy Litig., does not cite it. The Ninth Circuit’s holding does not require the
19
type of explication discussed by the district court decisions, holding as follows:
20
23
Plaintiffs allege that the information disclosed by Facebook can be used to obtain
personal information about plaintiffs, and that they were harmed both by the
dissemination of their personal information and by losing the sales value of that
information. In the absence of any applicable contravening state law, these
allegations are sufficient to show the element of damages for their breach of
contract and fraud claims. Therefore, the district court erred in dismissing these
state law claims.
24
Facebook Privacy Litig., 572 Fed. Appx. at 494 (internal citations omitted). In light of the Ninth
25
Circuit’s ruling, this Court concludes that Svenson’s allegations of diminution in value of her
26
personal information are sufficient to show contract damages for pleading purposes.
21
22
27
Accordingly, the motion to dismiss is DENIED as to Claim 1.
28
9
1
2
2.
Claim 2 – Breach of the Implied Covenant
Claim 2 alleges breach of the implied covenant of good faith and fair dealing. “‘The
3
implied promise [of good faith and fair dealing] requires each contracting party to refrain from
4
doing anything to injure the right of the other to receive the benefits of the agreement.’” Avidity
5
Partners, LLC v. State of Cal., 221 Cal. App. 4th 1180, 1204 (2013) (quoting Egan v. Mutual of
6
Omaha Ins. Co., 24 Cal. 3d 809, 818 (1979)). “The implied covenant of good faith and fair
7
dealing does not impose substantive terms and conditions beyond those to which the parties
8
actually agreed.” Id.
9
The Court previously dismissed Svenson’s claim for breach of the implied covenant after
concluding that it was duplicative of her claim for breach of contract in that it alleged no more
11
United States District Court
Northern District of California
10
than Google’s disclosure of her personal information. See Order of Aug. 12, 2014 at 9, ECF 83.
12
In the FAC, Svenson alleges that among the benefits conferred upon her and the Class by the
13
“Buyer Contracts,” which incorporated the Google Wallet Terms of Service, were privacy
14
protections arising out of Google’s obligation not to disclose their personal information except as
15
necessary to a transaction or as otherwise specifically authorized. FAC ¶¶ 162-63. She alleges
16
further that “the Wallet Terms are standardized and non-negotiable terms that Defendants, at their
17
own discretion, interpreted to carry out the above-described privacy promises in a way that
18
resulted in the unnecessary disclosure of Plaintiff and other Class members’ Packets Contents to
19
third-party App Vendors.” Id. ¶ 164. Specifically, Plaintiff alleges that “while Defendants may
20
share personal information with third parties if ‘necessary to process the user’s transaction and
21
maintain the user’s account,’ that provision is not reasonably interpreted to allow blanket,
22
universal disclosure of any or all of the Packets Contents to third-party App Vendors” in
23
connection with every App purchase in the Play Store. FAC ¶ 165 (emphasis added). Svenson
24
alleges that “[t]he agreed common purpose of the Wallet Terms was for Buyers to be able to
25
privately purchase Apps from App Vendors,” and that Google exercised its discretion under the
26
Wallet Terms of Service in a way that frustrated that purpose. See id. ¶¶ 165, 168, 170. The Court
27
concludes that this theory and these allegations are sufficient to state a claim for breach of the
28
implied covenant of good faith and fair dealing.
10
1
Google points out, correctly, that Svenson’s implied covenant claim also contains
2
allegations that Google did not inform users that their personal information would be shared with
3
App vendors in connection with every transaction, see FAC ¶¶ 167, 169, and that the alleged
4
failure to inform is insufficient to state a claim for breach of the implied covenant absent an
5
allegation that Google had a duty to inform. At the hearing, the Court engaged in a colloquy with
6
counsel as to whether it would make sense to go through another round of amendment and –
7
presumably – motion practice, or whether the allegations in the FAC were sufficient to move
8
forward on the implied covenant claim. Viewing the claim as a whole, the Court concludes that
9
Svenson does allege a viable claim for breach of the implied covenant despite her stray, non-
10
United States District Court
Northern District of California
11
12
13
actionable allegations regarding Google’s failure to disclose.
Accordingly, the motion to dismiss is DENIED as to Claim 2.
3.
Claim 3 – Violation of SCA § 2701
Claim 3 alleges that disclosure of Svenson’s personal information violated § 2701 of the
14
Stored Communications Act (“SCA”), 18 U.S.C. § 2701. The Court previously dismissed Claim 3
15
without leave to amend. See Order of Aug. 12, 2014 at 11, ECF 83. Svenson acknowledges the
16
Court’s prior order and makes clear that she has included Claim 3 in her FAC to preserve her
17
appeal rights. Thus no substantive discussion of Claim 3 is required here.
18
19
20
21
22
23
24
25
26
27
28
The motion to dismiss is GRANTED WITHOUT LEAVE TO AMEND as to Claim 3.
4.
Claim 4 – Violation of SCA § 2702
Claim 4 alleges that disclosure of Svenson’s personal information violated § 2702 of the
SCA, which creates a private right of action for violation of the following provisions:
(a) Prohibitions. – Except as provided in subsection (b) or (c) –
(1) a person or entity providing an electronic communication service to the
public shall not knowingly divulge to any person or entity the contents of a
communication while in electronic storage by that service; and
(2) a person or entity providing remote computing service to the public shall not
knowingly divulge to any person or entity the contents of any communication
which is carried or maintained on that service –
(A) on behalf of, and received by means of electronic transmission from (or
created by means of computer processing of communications received by
means of electronic transmission from), a subscriber or customer of such
11
1
2
3
4
5
6
7
8
9
service;
(B) solely for the purpose of providing storage or computer processing
services to such subscriber or customer, if the provider is not authorized to
access the contents of any such communications for purposes of providing
any services other than storage or computer processing; and
(3) a provider of remote computing service or electronic communication service
to the public shall not knowingly divulge a record or other information
pertaining to a subscriber to or customer of such service (not including the
contents of communications covered by paragraph (1) or (2)) to any
governmental entity.
18 U.S.C. § 2702(a) (emphasis added); see id. § 2707(a) (creating a private right of action).
While a provider described in subsection (a) may not disclose the “contents of a
communication,” such provider may divulge “a record or other information” regarding a
subscriber or customer to “any person other than a governmental entity” and to governmental
11
United States District Court
Northern District of California
10
entities under certain circumstances. 18 U.S.C. § 2702(c) (emphasis added).
12
Google’s motion does not challenge Google’s status as an entity “providing an electronic
13
communication service” and/or “providing remote computing service” within the meaning of §
14
2702(a). The question presented by this motion is whether the “Packets Contents” Google sent
15
YCDroid was “contents of a communication” or “a record or other information”; if the former,
16
Svenson has made out a claim under § 2702(a), but if the latter she has not.
17
In its prior order, the Court discussed at length the available case law on the issue of
18
“record information” versus “contents of a communication.” See Order of Aug. 12, 2014 at 11-15,
19
ECF 83. In Zynga, the Ninth Circuit defined “contents of a communication” as “any information
20
concerning the substance, purport, or meaning of that communication.” Zynga, 750 F.3d at 1105
21
(citing 18 U.S.C. § 2510(8)); see also id. at 1104 (noting that the SCA incorporates the Wiretap
22
Act’s definition of “contents”). The Ninth Circuit explained that “the term ‘contents’ refers to the
23
intended message conveyed by the communication, and does not include record information
24
regarding the characteristics of the message that is generated in the course of the communication.”
25
Id. at 1106. The Ninth Circuit has recognized that record information generally includes “the
26
name, address, or client ID number of the entity’s customers.” Id. at 1104.
27
28
In Zynga, the plaintiffs claimed that when users clicked on certain ads or icons on a
Facebook webpage, the web browser sent a request to access the resource identified by the link
12
1
and also sent a “referer header” comprising the user’s Facebook ID and the address of the
2
Facebook webpage the user was viewing when the user clicked the link. Zynga, 750 F.3d at 1101-
3
02. The plaintiffs alleged that the referer header constituted contents of a communication such
4
that its transmission to third parties violated § 2702(a). The Ninth Circuit held that the referer
5
header did not meet the definition of “contents.” Id. at 1107. Equating the Facebook ID with a
6
user’s “name” or “subscriber number or identity,” and equating the webpage address with a user’s
7
“address,” the Ninth Circuit held that “these pieces of information are not the ‘substance, purport,
8
or meaning’ of a communication.” Id.
9
The Ninth Circuit distinguished In re Pharmatrak, 329 F.3d 9 (1st Cir. 2003), a Wiretap
Act case in which the defendants allegedly intercepted the contents of electronic communications,
11
United States District Court
Northern District of California
10
specifically, information that individuals provided to online pharmaceutical websites. That
12
information included the individuals’ “names, addresses, telephone numbers, email addresses,
13
dates of birth, genders, insurance statuses, education levels, occupations, medical conditions,
14
medications, and reasons for visiting the particular website.” Id. at 15. It was undisputed that the
15
information constituted “contents” of a communication under the circumstances of the case; the
16
arguments focused on whether the “interception” element of the Wiretap Act claim was satisfied
17
and whether the consent exception applied. Id. at 18. The Ninth Circuit opined in Zynga that the
18
information in Pharmatrak properly was characterized as contents of a communication “[b]ecause
19
the users had communicated with the website by entering their personal medical information into
20
a form provided by a website.” Zynga, 750 F.3d at 1107 (emphasis added). The Ninth Circuit
21
distinguished the case before it by noting that the Zynga defendants did not divulge a user’s
22
communications to a website but allegedly “divulged identification and address information
23
contained in a referrer header automatically generated by the web browser.” Id.
24
Although Zynga distinguished Pharmatrak in part on the basis that the referrer header at
25
issue in Zynga was automatically generated, this Court does not read Zynga so narrowly to mean
26
that only automatically generated data may constitute record information. The Court reads Zynga
27
and cases in this district to define “record information” as including a user’s name, email address,
28
account name, mailing address, and the like. See Zynga at 1104 (recognizing that record
13
1
information generally includes “the name, address, or client ID number of the entity’s
2
customers”); Chevron Corp. v. Donziger, No. 12-mc-80237 CRB (NC), 2013 WL 4536808, at *6
3
(N.D. Cal. Aug. 22, 2013) (characterizing information associated with the creation of an email
4
address, including names, mailing addresses, phone numbers, billing information, and date of
5
account creation, as “record or other information” and not “contents” of a communication);
6
Obodai v. Indeed, Inc., No. 13-80027-MISC EMC (KAW), 2013 WL 1191267, at *3 (N.D. Cal.
7
Mar. 21, 2013) (holding that no “content” of communications was implicated by a subpoena
8
seeking “subscriber information” provided when a user creates a Gmail account, such as phone
9
numbers and alternative email addresses). To hold that such information constitutes contents of a
10
United States District Court
Northern District of California
11
communication unless it was automatically generated would read § 2702(c) out of the statue.
This Court previously dismissed Claim 4 after concluding that the personal information
12
described in the original complaint – “the user’s name, email address, Google account name, home
13
city and state, zip code, and in some instances telephone number,” Compl. ¶ 49, ECF 5-1 –
14
constituted “record information” rather than “contents of a communication.” See Order of Aug.
15
12, 2014 at 11-15, ECF 83. Because the § 2702 claim had not previously been challenged by
16
motion or addressed by the Court, Svenson was granted an opportunity to amend. Id. at 15.
17
However, the Court cautioned that “[g]iven the analysis set forth herein, Plaintiff must consider
18
whether she can allege additional facts that would demonstrate that the alleged disclosure was
19
more than record information.” Id. Google argues, and the Court agrees, that Svenson has not
20
alleged such facts.
21
The “Packets Contents” described in the FAC are alleged to include “personal information
22
about Buyers, including credit card information, purchase authorization, addresses, zip codes,
23
names, phone numbers, email addresses, and/or other information.” FAC ¶ 10. Despite the
24
inclusion in this definition of the term “credit card information,” however, it does not appear that
25
App vendors are given access to user’s credit card numbers. See FAC ¶ 74 (alleging that third
26
party App vendors are given access to “the respective Buyer’s identity, address, city, zip code,
27
email address, or telephone number”). Svenson’s opposition concedes that credit card information
28
is not actually provided to App vendors. See Pls.’ Opp. at 15 n.14, ECF 94. Accordingly, the
14
1
“Packets Contents” are not materially different from the personal information alleged to have been
2
disclosed in the original complaint. Compare Compl. ¶ 49, ECF 5-1, with FAC ¶¶ 10, 74, ECF 84.
3
Svenson’s opposition to Google’s motion relies largely upon same cases discussed by the Court in
4
its prior order. See, e.g., Zynga, 750 F.3d 1098; Pharmatrak, 329 F.3d 9; Yunker v. Pandora
5
Media, Inc., No. 11-cv-03113 JSW, 2013 WL 1282980 (N.D. Cal. Mar. 26, 2013). Because none
6
of Svenson’s factual allegations or legal arguments are materially different from those considered
7
and rejected by the Court previously2, the Court declines to reconsider its prior ruling.
Accordingly, the motion to dismiss is GRANTED WITHOUT LEAVE TO AMEND as to
8
9
Claim 4.
5.
10
Claim 5 asserts a violation of California Business & Professions Code § 17200. In order to
11
United States District Court
Northern District of California
Claim 5 – Violation of California’s UCL
12
state a claim for relief under that provision, Plaintiff must allege facts showing that Defendants
13
engaged in an “unlawful, unfair or fraudulent business act or practice.” Cal. Bus. & Prof. Code §
14
17200. “Because the statute is written in the disjunctive, it is violated where a defendant’s act or
15
practice violates any of the foregoing prongs.” Davis v. HSBC Bank Nevada, N.A., 691 F.3d 1152,
16
1168 (9th Cir. 2012). In addition to identifying a practice under one of the above prongs, a
17
plaintiff must allege that he or she has suffered (1) economic injury (2) as a result of the practice.
18
See Kwikset Corp. v. Sup.Ct., 51 Cal. 4th 310, 323 (2011). Specifically, the plaintiff must allege
19
that he or she “suffered injury in fact and has lost money or property as a result of the unfair
20
competition.” Cal. Bus. & Prof. Code § 17204.
The Court previously dismissed Svenson’s UCL claim for failing to allege economic injury
21
22
arising from the challenged business practice as required by Kwikset. See Order of Aug. 12, 2014
23
at 16, ECF 83. In particular, the Court concluded that “Plaintiff alleges that she purchased an App
24
for $1.77 and received that App,” and that she had “not alleged facts showing that she suffered any
25
26
27
28
2
Svenson does advance one new legal argument, that the Court is charged with the “interpretive
duty” to find the interpretation of § 2702 that is most harmonious with its purpose of prohibiting
disclosure of the contents of electronic communications. See Pl.’s Opp. at 15, ECF at 15. This
argument does not advance Svenson’s position, as she has failed to allege facts showing that the
personal information at issue is “contents of a communication” rather than “record information.”
15
1
damages resulting from that transaction.” Id. Google contends that Svenson has not cured this
2
defect. However, as discussed above in connection with the contract claim, Svenson now alleges
3
that “Defendants’ payment-processing services provided under Buyer Contracts are not free:
4
Defendants keep a percentage of the purchase price for each App purchase they process.” FAC ¶
5
142. She also alleges that “[t]he percentage of the App sales price Defendants retained is the
6
money Defendants earned from Plaintiff’s and Class Members’ purchases of Apps under the
7
Buyer Contracts.” Id. ¶ 148. Svenson thus alleges that she paid Google for services that she did
8
not receive as a result of Google’s unlawful and unfair business practices, establishing economic
9
injury.
10
The Court did not previously consider whether Svenson had alleged facts sufficient to meet
United States District Court
Northern District of California
11
the other pleading requirements for UCL claims. Svenson asserts claims under the unlawful and
12
unfair prongs. With respect to the former, “[b]y proscribing any unlawful business practice,
13
section 17200 borrows violations of other laws and treats them as unlawful practices that the
14
unfair competition law makes independently actionable.” Chabner v. United of Omaha Life Ins.
15
Co., 225 F.3d 1042, 1048 (9th Cir. 2000) (internal quotation marks and citation omitted). Svenson
16
relies upon alleged violations of the SCA, which are insufficient for the reasons discussed in
17
connection with Claims 3 and 4, above. However, she also relies upon alleged violations of
18
California Business and Professions Code § 22576, which prohibits an operator of a commercial
19
web site or online service from failing to comply with its own privacy policies. Id. ¶¶ 222-223.
20
Svenson’s allegations regarding Google’s policy of disclosing personal information in connection
21
with all App purchases, in violation of its own privacy policies, thus are sufficient to state a claim
22
under the unlawful prong. See id. ¶¶ 223-224.
23
With respect to the unfair prong, “the UCL does not define the term ‘unfair’ as used in
24
Business and Professions Code section 17200.” Durell v. Sharp Healthcare, 183 Cal. App. 4th
25
1350, 1364 (2010). Nor has the California Supreme Court established a definitive test to
26
determine whether a business practice is unfair. Phipps v. Wells Fargo Bank, N.A., No. CV F 10–
27
2025 LJO SKO, 2011 WL 302803, at *16 (E.D. Cal. Jan. 27, 2011). Three lines of authority have
28
developed among the California Courts of Appeal. In the first line, the test requires “that the
16
1
public policy which is a predicate to a consumer unfair competition action under the unfair prong
2
of the UCL must be tethered to specific constitutional, statutory, or regulatory provisions.” Drum
3
v. San Fernando Valley Bar Ass’n, 182 Cal. App. 4th 247, 257 (2010) (internal quotation marks
4
and citation omitted). A second line of cases applies a test to determine whether the identified
5
business practice is “immoral, unethical, oppressive, unscrupulous or substantially injurious to
6
consumers and requires the court to weigh the utility of the defendant’s conduct against the gravity
7
of the harm to the alleged victim.” Id. (internal quotation marks and citation omitted). The third
8
test draws on the definition of “unfair” from antitrust law and requires that “(1) the consumer
9
injury must be substantial; (2) the injury must not be outweighed by any countervailing benefits to
consumers or competition; and (3) it must be an injury that consumers themselves could not
11
United States District Court
Northern District of California
10
reasonably have avoided.” Id. (internal quotation marks and citation omitted). Svenson alleges
12
that Google’s alleged practice of disclosing personal information in connection with all App
13
purchases is “oppressive, immoral, unethical, and unscrupulous,” and that it effects substantial
14
consumer injury that is “not outweighed by any countervailing benefit to consumers or to
15
competition.” FAC ¶¶ 225, 229. The details of Google’s alleged practice of violating its privacy
16
policies, and the resulting injuries to Svenson and the Class arising from such practice, are
17
discussed in detail above and need not be set forth again here. See id. ¶¶ 225-244. The Court
18
concludes that Svenson has made out a UCL claim under the unfair prong as well as under the
19
unlawful prong.
20
Google argues that Svenson’s UCL claim is governed by the standards applicable to the
21
fraudulent prong even though she specifically confines her allegations to the unlawful and unfair
22
prongs. “[A] consumer’s burden of pleading causation in a UCL action should hinge on the nature
23
of the alleged wrongdoing rather than the specific prong of the UCL the consumer invokes.”
24
Durell, 183 Cal. App. 4th at 1363. Thus a claim that is based upon alleged misrepresentation and
25
deception requires an allegation of actual reliance even if brought under the unlawful or unfair
26
prongs rather than the fraudulent prong. Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir.
27
2009) (fraud requirements may apply to claim brought under unfair prong); Durell, 183 Cal. App.
28
4th at 1363 (reliance requirement may apply to claim brought under unlawful prong). According
17
1
to Google, the thrust of the UCL claim is that Google misrepresented its practices with respect to
2
disclosure of user information. Thus, Google asserts, Svenson must allege reliance upon those
3
misrepresentations in order to state a claim. Svenson does not allege that she read or relied upon
4
the Google Wallet Terms of Service or the privacy provisions contained therein.
5
The Court is not persuaded by Google’s characterization of Svenson’s UCL claim. Her
6
unlawful prong claim alleges in a straightforward manner that Google violated its own privacy
7
policies in violation of California Business and Professions Code § 22576. No reliance is required
8
for a violation of § 22576. With respect to the unfair prong, Svenson does not alleged that she
9
entered into the “Buyer Contract” in reliance upon misrepresentations regarding the privacy
protections contained therein. She alleges that that privacy protections were contract benefits to
11
United States District Court
Northern District of California
10
which she was entitled and that Google’s practice of making “blanket, universal disclosure of any
12
or all of the Packets Contents to third-party App Vendors” in connection with every App purchase
13
in the Play Store deprived her (and the Class) of any opportunity to receive those benefits. FAC
14
¶¶ 163-65. “[A] breach of contract may . . . form the predicate for Section 17200 claims, provided
15
it also constitutes conduct that is unlawful, or unfair, or fraudulent.” Puentes v. Wells Fargo
16
Home Mortg., Inc., 160 Cal. App. 4th 638, 645 (2008) (internal quotation marks and citation
17
omitted) (alterations in original). Svenson’s allegation that Google had a policy that by its very
18
nature frustrated “[t]he agreed common purpose of the Wallet Terms [ ] for Buyers to be able to
19
privately purchase Apps from App Vendors,” FAC ¶ 168, is sufficient to take her claim beyond
20
mere breach of contract and into the realm of unfair competition prohibited by the UCL.
Based upon the foregoing, the motion to dismiss is DENIED as to Claim 5.
21
22
IV.
ORDER
23
(1)
Defendants’ Motion to Dismiss for lack of Article III standing is DENIED;
24
(2)
Defendants’ Motion to Dismiss for failure to state a claim is GRANTED as to
Claims 3 and 4 without leave to amend and DENIED as to Claims 1, 2, and 5; and
25
26
27
28
(3)
Defendants shall file an answer on or before April 16, 2015.
Dated: April 1, 2015
______________________________________
BETH LABSON FREEMAN
United States District Judge
18
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
