615 F.Supp.3d 1069
N.D. Cal.2022Background
- Plaintiffs Hammerling and Jackson (Florida residents) allege that Google used a secret program called "Android Lockbox" to collect app-installation, duration, and frequency data from non-Google Android apps and infer sensitive attributes (e.g., religion, pregnancy, political views).
- Plaintiffs sued on behalf of a putative class asserting ten claims including intrusion upon seclusion, California constitutional privacy, deceit (Cal. Civ. Code § 1709), CLRA, UCL (fraud/unlawful/unfair), breach of contract (express and implied), unjust enrichment, CIPA (Cal. Pen. Code § 631), and declaratory relief.
- Google moved to dismiss under Fed. R. Civ. P. 12(b)(6) and 9(b). The Court incorporated Google’s Privacy Policy by reference and considered prior related decisions (e.g., McCoy).
- The Court dismissed all claims with leave to amend: it found the Privacy Policy ambiguous (so nondisclosure plausibly pleaded) but held plaintiffs failed to plead required elements for multiple claims (e.g., reliance, duty to disclose, "highly offensive" intrusion, intercepted "contents").
- Key dispositive holdings: fraud claims dismissed for lack of particularized reliance and lack of duty to disclose; CLRA also dismissed for no pleaded transaction with Google; privacy claims dismissed for failing to plead offensiveness; CIPA dismissed for failure to allege interception of "contents"; contract and unjust enrichment claims dismissed; declaratory relief dismissed as dependent on underlying claims.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Fraud — misrepresentation (CLRA, UCL fraud, §1709) | Google told users data collected "to personalize" and plaintiffs relied when setting up phones, causing overpayment | Privacy Policy disclosures preclude misrepresentation; plaintiffs did not plead they saw/relied on statements before purchase | Dismissed — plaintiffs failed to plead actual reliance with particularity |
| Fraud — omission (concealment/deceit) | Google omitted that it collected non-Google app usage and used it to compete | No duty to disclose absent defect central to product; Policy disclosed enough; LiMandri factors unmet | Dismissed — no duty to disclose; omission not actionable |
| CLRA — transaction element | Overpayment for Android phones caused by nondisclosure of data practices | Android OS is free and plaintiffs bought phones from third parties, not Google, so no CLRA transaction with Google | Dismissed — plaintiffs failed to plead a transaction with Google |
| Privacy — intrusion upon seclusion & CA Constitution | Secret collection of app-usage and inferred sensitive traits invaded privacy and was highly offensive | Collection is commercial/data-processing conduct not sufficiently egregious; allegations lack specifics on how highly sensitive content was obtained | Dismissed — reasonable expectation pleaded but not "highly offensive" intrusion |
| CIPA (§631) — interception/contents | Google intercepted communications in transit (app interactions) and learned their contents | Collected metadata/usage, not the "contents" of communications | Dismissed — plaintiffs failed to allege interception of "contents" |
| Contract claims (express, implied, unjust enrichment) | Privacy Policy/ToS promises and conduct created contractual and quasi-contractual obligations; Google benefitted unjustly | Policy contains no promise not to collect usage from non-Google apps; express contract governs (precludes implied); no actionable misrepresentation for restitution | Dismissed — no plausible breach of a contract term; implied contract barred; unjust enrichment fails |
Key Cases Cited
- Godecke v. Kinetic Concepts, Inc., 937 F.3d 1201 (9th Cir. 2019) (standard for Rule 12(b)(6) dismissal review)
- Ashcroft v. Iqbal, 556 U.S. 662 (U.S. 2009) (plausibility pleading standard)
- Tellabs, Inc. v. Makor Issues & Rights, Ltd., 551 U.S. 308 (U.S. 2007) (materials courts may consider on a motion to dismiss)
- In re Facebook, Inc. Internet Tracking Litig., 956 F.3d 589 (9th Cir. 2020) (reasonable expectation of privacy and "highly offensive" analysis)
- Hodsdon v. Mars, Inc., 891 F.3d 857 (9th Cir. 2018) (duty-to-disclose test requiring centrality to product function)
- Kwikset Corp. v. Superior Ct., 51 Cal.4th 310 (Cal. 2011) (elements for CLRA and UCL reliance/damage)
- United States v. Forrester, 512 F.3d 500 (9th Cir. 2008) (distinguishing contents from record information)
- In re Zynga Privacy Litig., 750 F.3d 1098 (9th Cir. 2014) (URL data and contents analysis)
- Davis v. HSBC Bank Nevada, N.A., 691 F.3d 1152 (9th Cir. 2012) (when truthful disclosure defeats an omission claim)
- In re Google Inc. Cookie Placement Consumer Privacy Litig., 806 F.3d 125 (3d Cir. 2015) (surreptitious tracking can violate expectations when overt representations are contradicted)